When attempting to delete multiple files in a Ceph bucket via the s3cmd CLI, the following error is returned:
s3cmd rm --recursive --force s3://search-backup/
ERROR: S3 error: 403 (AccessDenied)
Deleting a single file with the following command works as expected:
s3cmd rm s3://search-backup/tests-12-4O9i-QSKbAnNQARHCnA/data-gXYONdsDQ1-87v5vOqsL2g.dat
delete: 's3://search-backup/tests-12-4O9i-QSKbAnNQARHCnA/data-gXYONdsDQ1-87v5vOqsL2g.dat'
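The bucket has the following policy (as pasted here, the comma after "s3:PutBucketObjectLockConfiguration" in the first statement is missing, so the listing is not valid JSON as shown):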
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam:::user/search_backup"
]
},
"Action": [
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionTagging",
"s3:GetObjectRetention",
"s3:GetObjectLegalHold",
"s3:GetObjectTagging",
"s3:PutObject",
"s3:PutObjectRetention",
"s3:PutObjectAcl",
"s3:PutObjectLegalHold",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:DeleteObjectTagging",
"s3:PutObjectTagging",
"s3:RestoreObject",
"s3:PutBucketObjectLockConfiguration"
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::search-backup/*"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam:::user/search_backup"
]
},
"Action": [
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketNotification",
"s3:PutBucketNotification",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketPolicy",
"s3:GetBucketVersioning",
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:GetLifecycleConfiguration",
"s3:GetReplicationConfiguration",
"s3:ListAllMyBuckets",
"s3:GetBucketTagging",
"s3:PutBucketTagging",
"s3:PutBucketCORS",
"s3:ListAllMyBuckets"
],
"Resource": [
"arn:aws:s3:::search-backup"
]
}
]
}
Using `del` instead of `rm` results in the same behavior.
Is there a permission or setting that is being missed?