How To Set Up AWS Console Access to Browse and Restore Files in S3 Bucket That Were Lifecycled to Glacier?

by definitelynotarobot   Last Updated October 10, 2019 19:00 PM

I am trying to set up a mostly read-only IAM profile for a team member to browse our S3 buckets and to be able to initiate a restore from Glacier when needed in order to download / access certain files all within the web console. The files were all life-cycled to Glacier.

So far I have S3-Read Only for partially based off of this response however I am still getting an access denied error at the bottom of the console w/o any additional info. Any idea what permission might be missing?

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "*"
        }
    ]
}

And then I attempted to add an in-line policy to allow the restore

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "glacier:GetVaultAccessPolicy",
                "glacier:ListTagsForVault",
                "glacier:DescribeVault",
                "s3:RestoreObject",
                "glacier:GetJobOutput",
                "glacier:ListParts",
                "glacier:GetVaultNotifications",
                "glacier:DescribeJob",
                "glacier:GetDataRetrievalPolicy",
                "glacier:ListJobs",
                "glacier:ListMultipartUploads",
                "glacier:GetVaultLock",
                "glacier:ListVaults"
            ],
            "Resource": "*"
        }
    ]
}


Related Questions


Updated May 17, 2017 09:00 AM

Updated July 08, 2016 07:58 AM

Updated August 25, 2017 16:00 PM

Updated December 30, 2018 18:00 PM