I’m not sure if this is documented anywhere, but sometimes changes to a policy might take a minute or two to kick in. If you’re aware of this and you’re 100% sure that what you’re doing is right, then it’s fine, but when you’re not sure if your policy is correct, it can be a little frustrating to troubleshoot.
On a related note, if you’re looking for a quick guide on creating a subaccount and giving it access to a single S3 bucket then this is the link for you: How to create subaccounts and share buckets using IAM and Cloudberry S3 Explorer.
The post is written in the context of Cloudberry Explorer, but even if you don’t use Cloudberry Explorer, you can easily translate the concepts and the policy text over to either the AWS console or any other tool you might be using – or just use it as an excuse to switch over to Cloudberry.
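When a single-bucket policy seems not to work, a local check of the policy text helps separate "not propagated yet" from "written wrong". The following is an added example, not code from this post or the linked guide: the bucket name, sample policies and function names are hypothetical, and it only evaluates `Allow` statements with `Action` and `Resource` (no `Deny`, `Condition`, `NotAction` or `NotResource`).

```python
import fnmatch

def _as_list(value):
    # IAM accepts either a single string or a list for Action/Resource.
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if some Allow statement matches both the action and the resource."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        act_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(stmt.get("Action", [])))
        res_ok = any(fnmatch.fnmatchcase(resource, r)
                     for r in _as_list(stmt.get("Resource", [])))
        if act_ok and res_ok:
            return True
    return False

def check_single_bucket_policy(policy, bucket):
    """Return a list of problems for a 'one user, one bucket' policy."""
    arn = f"arn:aws:s3:::{bucket}"
    findings = []
    # Listing is a bucket-level action: it needs the bare bucket ARN.
    if not allows(policy, "s3:ListBucket", arn):
        findings.append("s3:ListBucket is not allowed on the bucket ARN")
    # Object actions need an object ARN, i.e. the bucket ARN plus /*.
    for action in ("s3:GetObject", "s3:PutObject"):
        if not allows(policy, action, f"{arn}/example-key"):
            findings.append(f"{action} is not allowed on objects ({arn}/*)")
    # Least privilege: nothing should match a different (constructed) bucket.
    other = "arn:aws:s3:::constructed-other-bucket"
    if allows(policy, "s3:ListBucket", other) or \
       allows(policy, "s3:GetObject", other + "/k"):
        findings.append("policy also grants access outside the bucket")
    return findings

ACTIONS = ["s3:ListBucket", "s3:GetObject", "s3:PutObject"]
# Constructed sample: object actions granted on the bucket ARN only.
BROKEN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ACTIONS,
     "Resource": "arn:aws:s3:::example-bucket"}]}
# Constructed sample: bucket ARN for listing, bucket/* for objects.
FIXED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ACTIONS,
     "Resource": ["arn:aws:s3:::example-bucket",
                  "arn:aws:s3:::example-bucket/*"]}]}

if __name__ == "__main__":
    for name, pol in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_single_bucket_policy(pol, "example-bucket") or "ok")
```

If the check comes back clean and access is still denied a few minutes later, look beyond the policy text itself (for example, which user or group it is attached to).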
Tags: Amazon S3, Cloudberry