Opened 5 years ago
Last modified 5 years ago
#12029 new Bug report
Unable to connect to S3 bucket which has conditional perms
| Reported by: | hkrok | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | FileZilla Client |
| Keywords: | Cc: | ||
| Component version: | 3.45.2 | Operating system type: | Windows |
| Operating system version: | Windows 10 |
Description
FileZilla Pro is unable to connect to AWS S3 buckets that have conditional ListBucket permissions. The result is a 400 Bad Request.
I have a S3 bucket on which the ListBucket permission for my user is conditional with a string prefix, e.g.:
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::my-bucket",
"Condition": {
"StringLike": {
"s3:prefix": [
"",
"/",
"mysubdir",
"mysubdir/"
etc.
The policy means that the user is only able to browse the top level of the bucket and the mysubdir folder, but not any of the other folders in there. The policy is confirmed as working, via the AWS CLI, AWS console and other 3rd party apps like "S3 Browser", "Cyberduck", etc.
When FileZilla Pro tries to connect to a bucket like this the result is:
Response: HTTP/1.1 400 Bad Request
and
Error: Failed to retrieve directory listing
I tried adding a remote directory in the connection config (eg /my-bucket/mysubdir) but that didnt help.
Please help!
The same thing happens on the latest MAC version too btw.