I'm trying to list all the files in my S3 bucket. But constantly getting the error Access denied. I think I have the necessary permissions in my IAM user :

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SID",
            "Effect": "Allow",
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetBucketAcl",
                "s3:GetBucketCORS",
                "s3:GetBucketLocation",
                "s3:GetBucketLogging",
                "s3:GetBucketNotification",
                "s3:GetBucketPolicy",
                "s3:GetBucketRequestPayment",
                "s3:GetBucketTagging",
                "s3:GetBucketVersioning",
                "s3:GetBucketWebsite",
                "s3:GetLifecycleConfiguration",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:GetObjectTorrent",
                "s3:GetObjectVersion",
                "s3:GetObjectVersionAcl",
                "s3:GetObjectVersionTorrent",
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads",
                "s3:ListBucketVersions",
                "s3:ListMultipartUploadParts",
                "s3:PutBucketAcl",
                "s3:PutBucketCORS",
                "s3:PutBucketLogging",
                "s3:PutBucketNotification",
                "s3:PutBucketPolicy",
                "s3:PutBucketRequestPayment",
                "s3:PutBucketTagging",
                "s3:PutBucketVersioning",
                "s3:PutBucketWebsite",
                "s3:PutLifecycleConfiguration",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:PutObjectVersionAcl",
                "s3:RestoreObject"
            ],
            "Resource": [
                "arn:aws:s3:::bucket/*"
            ]
        }
    ]
}

Is I grant full access to S3, (AmazonS3FullAccess policy), I can list the objects. What might be the issue? I think I only removed permissions to delete and create buckets in the custom policy.

When I add full access to the same policy :

        "Action": [
            "s3:*"
        ],

still I can't list objects. But with the current permissions I can upload and delete objects.

Just found the answer! The Actions allowed in the policy are correct. The problem is with the Resource. I was using this :

"Resource": [
   "arn:aws:s3:::bucket/*"
]

But it looks like it does not give permission to the root of the bucket. No full access. So, to make it work, we have to remove / like this :

"Resource": [
   "arn:aws:s3:::bucket*"
]

Now it's working like a charm.

I was having same issue. I was using two machines, one was having aws profile created and I was able to list s3 bucket, but on second machine where my profile was not created and I was using Set-AWSCredential command I was not able to list s3 bucket. Moment I created profile I was able to access s3 ls.