A bucket with a policy that enforces "bucket-owner-full-control" results in Access Denied if multipart is used to upload the object.
It is also discussed in an awscli issue: https://github.com/aws/aws-cli/issues/1674 aws client exits with "An error occurred (AccessDenied) when calling the CreateMultipartUpload operation", but it has been fixed on the server side rather than the client. Since without multi-part the object size in Rados Gateway has a limit of 5G and apparently increasing the limit is not recommended, how can I enforce "bucket-owner-full-control" and allow multipart upload? A sample bucket policy: { "Version": "2012-10-17", "Id": "read-write", "Statement": [ ... "Sid": "PolicyForAllowUploadWithCannedACL", "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::18f2c0870e3649b0f383504aec1d0bef:root" ] }, "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*" ], "Condition": { "StringEquals": { "s3:x-amz-acl": "bucket-owner-full-control" } } } ] } Regards, Rasool _______________________________________________ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
