Access Denied when copying between buckets with Role credentials #463
Description
I might be wrong about this, but it appears that copying between two buckets doesn't work when using an EC2 role (while it successfully works using a credentials configuration file).
Config file works
This command works when credentials have been provided via a credentials file (pointed to via AWS_CONFIG_FILE environment setting):
aws s3 cp s3://source-bucket/key s3://target-bucket/ --region ap-southeast-2 --profile xyz
It works both on an EC2 instance and on a non-EC2 computer.
Role credentials don't work
When running the same command on an EC2 instance that was launched with a Role that has Full Admin permissions, I receive an error:
copy failed: s3://source-bucket/key to s3://target-bucket/key
A client error (AccessDenied) occurred: Access Denied
I tried exactly the same command on an EC2 instance, the only difference being the inclusion of a "--profile" reference for the first situation. So, it's the same computer, with only the credentials varying.
The debug code doesn't reveal much, but this is what it says after the attempted PUT:
2013-11-03 10:14:18,488 - botocore.response - DEBUG - Response Body:
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>41EE7974F0F0F2F1</RequestId><HostId>VZxWcpjoj6zFfJjY9oCq07PksRhMlRyBQXxjOyegsVgjkP028p70PGobHFnuuIXB</HostId></Error>
Can anyone verify if this is the case, or something I might be doing wrong? Thank you!