If you use s3cmd and encountered [Errno 32] Broken pipe as you try to put an object in a bucket, understand that this is a very very bad error message.

Jeremy blogged about this and attributed the error to a typo in the bucket name.

Others attributed it to no permission, file too big, etc..

I attributed it to incorrect permission policy.

I was trying to create a new security group, and adding a new user, and restrict his access to only 1 of my S3 bucket. When you create a new security group, you can edit the policy.

You might change to this, thinking it allows all action on example_bucket:

```json WRONG Policy

You are wrong (though I say Amazon and it's documentation to blame).

The [correct way]( is to have multiple statements like this:

```json Correct Policy
  "Statement": [
      "Effect": "Allow",
      "Action": [
      "Resource": "arn:aws:s3:::example_bucket",
      "Condition": {}
      "Effect": "Allow",
      "Action": [
      "Resource": "arn:aws:s3:::example_bucket/*",
      "Condition": {}

You need to split into 2 resources.

  1. arn:aws:s3:::example_bucket - allow to list objects in the bucket

  2. arn:aws:s3:::example_bucket/* - allow to Get/Put/etc the objects in the bucket

It’s subtle..




Back to Home