`Access Denied` for some files, when syncing buckets

amazon-s3 aws-cli

I'm using awscli to sync 2 buckets (same account):

aws s3 sync --only-show-errors s3://bucket-1 s3://bucket-2

but for some files I get permission errors:

copy failed: s3://bucket-1/dirname/file.flac to s3://bucket-2/dirname/file.flac An error occurred (AccessDenied) when calling the UploadPartCopy operation: Access Denied

(in some cases the the failing operation is CopyObject)

this only seems to happen for .flac files. all other files are .mp3s, so the only difference is I can think of is the file size.

since I'm using a user with full s3 permissions for this, I don't understand why this is happening (or how this could be fixed).


Solution 1:

Could it be that the object is owned by a different account?

It may happen when a bucket in AWS account AAA is writable by AWS account BBB, e.g. through BucketPolicy, but the writer (in BBB) didn't specify --acl bucket-owner-full-control permission when uploading it.

Check the object's ACL using:

aws s3api get-object-acl --bucket bucket-1 --key dirname/file.flac

Similar for the destination - if an existing object is owned by a different account you won't be able to overwrite it. That's why UploadPartCopy would fail.

Hope that helps.

Related

Is it possible to block or allow SSH connections to a server on Cloudflare
Block requests from bots by pattern in apache with mod_rewrite. mod_rewrite not working
Bash script - check if a variable is located between 2 others variables?
connect to smtp.gmail: Connection refused
fail2ban not banning IPs on Ubuntu 20.04
Permission problems when creating a dir with os.makedirs in Python
Difference between system.gc() and runtime.gc()
Get the mean across multiple Pandas DataFrames
Google Compute Engine: what is the difference between disk snapshot and disk image?
How to update a document using elasticsearch-py?
Is there any ASCII character for <br>?
How to use onClick with divs in React.js