thephpleague / flysystem

Abstraction for local and remote filesystems

Home Page: https://flysystem.thephpleague.com

[Docs] AWS S3 V3 - IAM Permissions missing "ListObjects" action

ToshY opened this issue

Bug Report

| Q | A |
| --- | --- |
| Flysystem Version | 3.17.0 |
| Adapter Name | AWS S3 V3 |
| Adapter version | 3.16.0 |
| AWS SDK PHP | 3.283.3 |

Summary

Problem

Having created a Filesystem instance with an s3 adapter and a client with an application key that only has write permissions, I was somewhat confused when it failed while performing a deleteDirectory action. Throwing the previous exception I saw the following response:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <Error>
      <Code>AccessDenied</Code>
      <Message>not entitled< (truncated...)
   AccessDenied (client): not entitled - <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <Error>
      <Code>AccessDenied</Code>
      <Message>not entitled</Message>
  </Error>
</xml>

So creating/using an application key that has both ListObjects as well as DeleteObject permissions is the way-to-go if you want to use deleteDirectory. (see method deleteMatchingObjectsAsync from aws-sdk-php)

Solution
Update documentation section for AWS S3 V3 - IAM Permissions to include ListObjects in action list.

How to reproduce

Create an AwsS3V3Adapter with an s3Client that has an application key without the ListObjects permission, initialise a filesystem with that, and perform a deleteDirectory action to get the exception.

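use League\Flysystem\AwsS3V3\AwsS3V3Adapter;
use League\Flysystem\Filesystem;

// $s3Client: an Aws\S3\S3Client whose key lacks the ListObjects permission.
// $bucket: the name of the target bucket.
$filesystem = new Filesystem(
    new AwsS3V3Adapter(
        client: $s3Client,
        bucket: $bucket,
    )
);

try {
    $filesystem->deleteDirectory('test');
} catch (\League\Flysystem\UnableToDeleteDirectory $exception) {
    // Rethrow the underlying SDK exception to see the AccessDenied response.
    throw $exception->getPrevious();
}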
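
The failure described in this issue can be turned into an actionable message when running with a narrowly scoped key. The following is an added example, not code from the issue or from Flysystem: `probeListPermission` and `deleteDirectoryExplained` are hypothetical helpers, and it assumes the adapter was built without a path prefix so the Flysystem path equals the S3 key prefix.

```php
<?php
// Added example: explain an AccessDenied behind Filesystem::deleteDirectory().
// Assumes league/flysystem-aws-s3-v3 and aws/aws-sdk-php are installed.

use Aws\S3\Exception\S3Exception;
use Aws\S3\S3Client;
use League\Flysystem\Filesystem;
use League\Flysystem\UnableToDeleteDirectory;

/**
 * Hypothetical helper: try a one-key listing under $prefix.
 * Returns null when listing is allowed, otherwise the S3 error code.
 */
function probeListPermission(S3Client $client, string $bucket, string $prefix): ?string
{
    try {
        $client->listObjects(['Bucket' => $bucket, 'Prefix' => $prefix, 'MaxKeys' => 1]);
        return null;
    } catch (S3Exception $e) {
        return $e->getAwsErrorCode() ?? 'Unknown';
    }
}

/** Hypothetical wrapper: delete a directory and name the permission that looks missing. */
function deleteDirectoryExplained(Filesystem $fs, S3Client $client, string $bucket, string $path): void
{
    try {
        $fs->deleteDirectory($path);
    } catch (UnableToDeleteDirectory $e) {
        // Flysystem wraps the SDK exception as "previous"; walk the whole chain.
        for ($cause = $e->getPrevious(); $cause !== null; $cause = $cause->getPrevious()) {
            if (!$cause instanceof S3Exception || $cause->getAwsErrorCode() !== 'AccessDenied') {
                continue;
            }
            // Listing allowed => the delete step was refused; listing denied => list permission.
            $hint = match (probeListPermission($client, $bucket, rtrim($path, '/') . '/')) {
                null => 'listing works, so DeleteObject is probably missing',
                'AccessDenied' => 'ListObjects is missing',
                default => 'could not determine which permission is missing',
            };
            throw new RuntimeException("deleteDirectory('$path') on '$bucket' denied: $hint", 0, $e);
        }
        throw $e; // Not a permission problem: keep the original exception.
    }
}
```

The probe only reads a single key, so it can run with the same restricted credentials without widening what the key is allowed to do.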