`Access Denied` for some files, when syncing buckets

I'm using awscli to sync 2 buckets (same account):

aws s3 sync --only-show-errors s3://bucket-1 s3://bucket-2

but for some files I get permission errors:

copy failed: s3://bucket-1/dirname/file.flac to s3://bucket-2/dirname/file.flac An error occurred (AccessDenied) when calling the UploadPartCopy operation: Access Denied

(in some cases the the failing operation is CopyObject)

this only seems to happen for .flac files. all other files are .mp3s, so the only difference is I can think of is the file size.


since I'm using a user with full s3 permissions for this, I don't understand why this is happening (or how this could be fixed).


Solution 1:

Could it be that the object is owned by a different account?

It may happen when a bucket in AWS account AAA is writable by AWS account BBB, e.g. through BucketPolicy, but the writer (in BBB) didn't specify --acl bucket-owner-full-control permission when uploading it.

Check the object's ACL using:

aws s3api get-object-acl --bucket bucket-1 --key dirname/file.flac

Similar for the destination - if an existing object is owned by a different account you won't be able to overwrite it. That's why UploadPartCopy would fail.

Hope that helps.