github/cloudpanel-ce
1
1
Fork 0
mirror of https://github.com/cloudpanel-io/cloudpanel-ce.git synced 2026-04-05 20:31:58 +02:00
Code Issues 11 Packages Projects Releases Wiki Activity

Amazon S3 Backup Permissions Bug #94

New Issue
Closed
opened 2026-04-05 20:25:27 +02:00 by MrUnknownDE · 0 comments
MrUnknownDE commented 2026-04-05 20:25:27 +02:00
Owner
Copy Link

Originally created by @dkramer47 on 5/5/2025

CloudPanel version(s) affected

2.5.1

Description

I created an AWS IAM user with the following permissions for bucket example.bucket:

Image

After doing that, I got the Access Key and Secret Key, and filled out the S3 backup form, which resulted in this error, even though all information was correct and the user had access to the bucket:

Image

To fix it, I had to update the user policy to ALL S3 resources, then the CloudPanel form saved fine. After that I once more updated the user policy to only include the example.bucket and objects arn, and the backup ran just fine.

How to reproduce

  1. Create a new IAM user in AWS with the following policy for your bucket (blacked out is bucket name):

Image

  1. Generate an Access/Secret Key for that user.

  2. Fill out the CloudPanel Amazon S3 backup form using that bucket and newly created user access key and click "Save".

  3. You should get an access error, even if all of the information is correct.

  4. Go back to Amazon (without clearing the CloudPanel form).

  5. Update the policy, but remove the bucket specification and set it to all resources.

  6. Resubmit the CloudPanel form. It should save fine.

  7. Go back to Amazon once more, reset the policy to the original bucket-specific one.

  8. Run a CloudPanel backup. It should work as expected.

Possible Solution

It looks almost as if CloudPanel is trying to list the buckets for that user and see if the provided bucket is in that list. But from what I can tell, when a user doesn't have access to all buckets, you can't list any of them, even the ones that they have access to.

If I am correct, maybe update the logic to instead try to run a write/read on the specific bucket to know if access is there?

Additional Context

No response

*Originally created by @dkramer47 on 5/5/2025* ### CloudPanel version(s) affected 2.5.1 ### Description I created an AWS IAM user with the following permissions for bucket `example.bucket`: ![Image](https://github.com/user-attachments/assets/bb6d9896-5cb7-4282-b78d-8321f81c591f) After doing that, I got the Access Key and Secret Key, and filled out the S3 backup form, which resulted in this error, even though all information was correct and the user had access to the bucket: ![Image](https://github.com/user-attachments/assets/f8fb789b-12b5-4c6f-aa67-2064acfa972e) To fix it, I had to update the user policy to ALL S3 resources, then the CloudPanel form saved fine. After that I once more updated the user policy to only include the `example.bucket` and objects arn, and the backup ran just fine. ### How to reproduce 1. Create a new IAM user in AWS with the following policy for your bucket (blacked out is bucket name): ![Image](https://github.com/user-attachments/assets/bb6d9896-5cb7-4282-b78d-8321f81c591f) 2. Generate an Access/Secret Key for that user. 3. Fill out the CloudPanel Amazon S3 backup form using that bucket and newly created user access key and click "Save". 4. You should get an access error, even if all of the information is correct. 5. Go back to Amazon (without clearing the CloudPanel form). 6. Update the policy, but remove the bucket specification and set it to all resources. 7. Resubmit the CloudPanel form. It should save fine. 8. Go back to Amazon once more, reset the policy to the original bucket-specific one. 9. Run a CloudPanel backup. It should work as expected. ### Possible Solution It looks almost as if CloudPanel is trying to list the buckets for that user and see if the provided bucket is in that list. But from what I can tell, when a user doesn't have access to all buckets, you can't list any of them, even the ones that they have access to. If I am correct, maybe update the logic to instead try to run a write/read on the specific bucket to know if access is there? ### Additional Context _No response_
MrUnknownDE added the bugbugbugbugbugbugbugbug labels 2026-04-05 20:25:28 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
In progress
In progress
In progress
In progress
In progress
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
enhancement
enhancement
enhancement
enhancement
enhancement
enhancement
enhancement
enhancement
feedback needed
feedback needed
help wanted
improvement
improvement
improvement
improvement
patch available
patch available
wontfix
No Label bug bug bug bug bug bug bug bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
MrUnknownDE
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github/cloudpanel-ce#94
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?