[Docs] AWS S3 V3 - IAM Permissions missing "ListObjects" action
ToshY opened this issue
Bug Report
| Q | A |
|---|---|
| Flysystem Version | 3.17.0 |
| Adapter Name | AWS S3 V3 |
| Adapter version | 3.16.0 |
| AWS SDK PHP | 3.283.3 |
Summary
Problem
Having created a Filesystem instance with an s3 adapter and a client with an application key that only has write permissions, I was somewhat confused when it failed while performing a `deleteDirectory` action. Throwing the previous exception I saw the following response:
```
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Error>
<Code>AccessDenied</Code>
<Message>not entitled< (truncated...)
AccessDenied (client): not entitled - <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Error>
<Code>AccessDenied</Code>
<Message>not entitled</Message>
</Error>
</xml>
```
So creating/using an application key that has both `ListObjects` as well as `DeleteObject` permissions is the way-to-go if you want to use `deleteDirectory`. (see method `deleteMatchingObjectsAsync` from aws-sdk-php)
Solution
Update documentation section for AWS S3 V3 - IAM Permissions to include `ListObjects` in action list.
How to reproduce
Create an `AwsS3V3Adapter` with an `s3Client` that has an application key without the `ListObjects` permission, initialise a filesystem with that, and perform a `deleteDirectory` action to get the exception.
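```php
use League\Flysystem\AwsS3V3\AwsS3V3Adapter;
use League\Flysystem\Filesystem;
use League\Flysystem\UnableToDeleteDirectory;

// $s3Client: an Aws\S3\S3Client using a key without the ListObjects permission.
// $bucket: the bucket name.
$filesystem = new Filesystem(
    new AwsS3V3Adapter(
        client: $s3Client,
        bucket: $bucket,
    )
);

try {
    $filesystem->deleteDirectory('test');
} catch (UnableToDeleteDirectory $exception) {
    // Rethrow the underlying SDK exception to see the AccessDenied response.
    throw $exception->getPrevious();
}
```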
Added in c41f935
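
A pre-deployment check for the permission gap described in this issue, as an added example that is not part of the issue or of Flysystem: it evaluates an IAM policy document for the list and delete calls behind `deleteDirectory`. It assumes AWS IAM, where the list call is authorized by `s3:ListBucket` on the bucket ARN and the delete by `s3:DeleteObject` on object ARNs; the bucket name, sample policies and function names are constructed, and `Condition`, `NotAction` and `NotResource` are not evaluated.

```python
import re

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed(policy, action, resource):
    """Simplified evaluation: an explicit Deny wins, otherwise an Allow is needed.
    Assumption: Condition, NotAction and NotResource are not evaluated."""
    granted = False
    for stmt in _as_list(policy["Statement"]):
        hit = (any(_match(a, action, True) for a in _as_list(stmt["Action"]))
               and any(_match(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        granted = granted or hit
    return granted

def missing_for_delete_directory(policy, bucket, prefix):
    """Return the IAM actions that would be refused during deleteDirectory(prefix)."""
    needs = [
        # Listing keys under the prefix is authorized on the bucket ARN itself.
        ("s3:ListBucket", f"arn:aws:s3:::{bucket}"),
        # Deleting the listed keys is authorized on object ARNs.
        ("s3:DeleteObject", f"arn:aws:s3:::{bucket}/{prefix}/sample-key"),
    ]
    return [action for action, arn in needs if not allowed(policy, action, arn)]

# Constructed sample policies for a hypothetical bucket "example-bucket".
OBJECTS = "arn:aws:s3:::example-bucket/*"
WRITE_ONLY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:DeleteObject"], "Resource": OBJECTS}]}
# List permission present but scoped to object ARNs, so it never matches the bucket.
MIS_SCOPED = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:DeleteObject"], "Resource": OBJECTS}]}
SCOPED = {"Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
    {"Effect": "Allow", "Action": "s3:DeleteObject", "Resource": OBJECTS}]}

if __name__ == "__main__":
    for name, policy in [("write-only", WRITE_ONLY), ("mis-scoped", MIS_SCOPED), ("scoped", SCOPED)]:
        print(name, missing_for_delete_directory(policy, "example-bucket", "test"))
```

The mis-scoped policy fails the same way as the write-only one: naming the list action is not enough if its `Resource` only covers object ARNs.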