I´m wondering why I´m able to list or even delete objects from a s3
bucket although public access is blocked and just the bucket-owner has list/write access to the bucket.
This is what I´m doing in code:
using (var s3Client = new AmazonS3Client(Amazon.RegionEndpoint.USWest2))
{
ListObjectsV2Request request = new ListObjectsV2Request
{
BucketName = bucketName,
MaxKeys = 10
};
ListObjectsV2Response response;
do
{
response = await s3Client.ListObjectsV2Async(request);
foreach (Amazon.S3.Model.S3Object obj in response.S3Objects)
{
Console.WriteLine(obj.Key);
}
request.ContinuationToken = response.NextContinuationToken;
} while (response.IsTruncated);
DeleteObjectResponse resp = await s3Client.DeleteObjectAsync(new Amazon.S3.Model.DeleteObjectRequest() { BucketName = bucketName, Key = "dummykey" });
Any idea what I´m doing wrong? Shouldn´t the acl block me from even listing any contents?
CodePudding user response:
I guess your code that use AWS SDK recovers credentials (a pair of AWS Access KEY ID/AWS Secret Key) related to the bucket owner.
If you can, take a look at the IAM user corresponding to the bucket owner, to see if he has programmatic access.
On which is the code running? You should look at the different possibilities to store AWS credentials:
- Environement variables
~/.aws/credentials
file- ...
For more information, look at Configuration settings and precedence: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence
Bonus: Please find the good pratcices to manage your access keys: https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html