Access Denied when calling the ListObjectsV2

[ghost]

Describe the bug

here is s3_tutorial.py file

import boto3

BUCKET_NAME = "boto-tutorial-bucket"

s3 = boto3.client("s3")

# List all buckets
# buckets_resp = s3.list_buckets()
# for bucket in buckets_resp["Buckets"]:
#   print(bucket)

# List all objects in a bucket
response = s3.list_objects_v2(Bucket=BUCKET_NAME)
for obj in response["Contents"]:
  print(obj)

Expected Behavior

can get list objects in s3 bucket

Current Behavior

botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

Reproduction Steps

pip3 install boto3
create s3_tutorial.py file

Possible Solution

No response

Additional Information/Context

No response

SDK version used

Name: boto3 Version: 1.26.67 Summary: The AWS SDK for Python Home-page: https://github.com/boto/boto3 Author: Amazon Web Services Author-email: License: Apache License 2.0 Location: C:\Users\chat_\s3\s3-boto3-tutorial\Lib\site-packages Requires: botocore, jmespath, s3transfer Required-by:

Environment details (OS name and version, etc.)

windows 11

[aBurmeseDev]

Hi @chatofking - thanks for reaching out.

From looking at the error, it looks like you might need to configure the IAM policy and make sure that you have the permission for s3:ListBucket to perform ListObjectsV2 actions.

Here's docs how to add permissions to IAM in general and here are instructions on adding ListBucket permission specifically.

This is what the policy you need to add looks like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET"
            ]
        }
    ]
}

Hope that helps and let me know if you have any other questions,
John

[ghost]

how do I check which user I should attach I got many users out there.

[aBurmeseDev]

You could attach to your default user or the user you're actively configured to add the policy. Alternatively, you can add as many users as you have to an IAM group. Please see this guide: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-and-attach-iam-policy.html