I am trying to get Adobe to post their clickstream analytics data - using Adobe Experience Amazon S3 File Delivery - to an AWS S3 bucket I created (called adobe). So I created an IAM user, assigned it to a group which has the following IAM policy, and I configured Adobe S3 File Delivery with the IAM user's access and secret keys.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowGroupToSeeBucketListAndAlsoAllowGetBucketLocationRequiredForListBucket",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*"
]
},
{
"Sid": "AllowRootLevelListingOfCompanyBucket",
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::adobe",
"arn:aws:s3:::adobe/*"
]
}
]
}
Wasn't sure what the bucket address was but tried:
https://s3-eu-west-1.amazonaws.com/adobe/daily/
and each time Adobe come back with this error:
Exception caught: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied
I tried web hosting this bucket and trying this bucket address instead:
http://adobe.s3-website-eu-west-1.amazonaws.com
... same error.
Using Cloudberry for S3, I checked the secret and access keys and it worked fine in terms of access to that bucket and sub folders. I didn't check using the CLI.
Any ideas / help much appreciated. Thanks.
@jarmod - that was the answer - adding a bucket name rather than bucket address made it work. Thanks
Thanks to everyone else.