Contradictory information in docs

The examples in Creating a Limited Access Key | Tigris Object Storage Documentation show the usage of the StringLike condition. However, IAM Policy Support | Tigris Object Storage Documentation doesn’t list it as supported.

Indeed, when I try to create a policy with it, it fails.

So besides a confirmation that it is indeed not supported and the examples need updating, I’d like to ask whether there’s any other way of restricting the s3:ListBucket to only a path (e.g., automation/*). Right now it seems I have to allow "arn:aws:s3:::my-bucket" for s3:ListBucket to be able to mount my-bucket/automation, but this allows mounting any directory my-bucket/* and listing everything there, even if with size 0 and unreadable. When using "arn:aws:s3:::my-bucket/automation/*", the mount fails.

Appreciate any clarification (I’m probably doing something wrong) and guidance on best practice for achieving what the first example shows (Creating a Limited Access Key | Tigris Object Storage Documentation).

Hello,

Thank you for pointing out the contradiction in our documentation. You’re correct that we do not yet support StringLike conditions, and we’ve updated the documentation to reflect this.

Unfortunately, we currently don’t have a mechanism to limit s3:ListBucket to specific directories within a bucket. Using StringLike conditions would be the way to achieve that, but this functionality is not available yet.

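Added example, not part of the original thread and not Tigris's code: a simplified Python model of AWS-style statement evaluation for `s3:ListBucket`. It shows why a bucket ARN permits listing under any prefix, why the `automation/*` object ARN never matches a list request, and how a `StringLike` condition on `s3:prefix` narrows listing where that operator is supported (the thread confirms Tigris does not support it yet). The `allows_list` helper, the policy dictionaries and the `finance/` prefix are constructed for illustration.

```python
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::my-bucket"

# Constructed statements mirroring the three variants discussed in the thread.
BUCKET_WIDE = {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": BUCKET}
OBJECT_ARN = {"Effect": "Allow", "Action": "s3:ListBucket",
              "Resource": BUCKET + "/automation/*"}
PREFIX_CONDITION = {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": BUCKET,
                    "Condition": {"StringLike": {"s3:prefix": "automation/*"}}}


def allows_list(statement, bucket_arn, prefix):
    """Simplified Allow-only evaluation of one statement for a ListBucket call.

    ListBucket is a bucket-level action: the resource of the request is the
    bucket ARN itself, and the listed path appears only as the s3:prefix
    context key, never as part of the resource.
    """
    if statement["Effect"] != "Allow" or statement["Action"] != "s3:ListBucket":
        return False
    if not fnmatchcase(bucket_arn, statement["Resource"]):
        return False  # an object ARN pattern never matches the bare bucket ARN
    for operator, keys in statement.get("Condition", {}).items():
        if operator != "StringLike":
            raise ValueError(f"operator not modelled here: {operator}")
        if not fnmatchcase(prefix, keys["s3:prefix"]):
            return False
    return True


if __name__ == "__main__":
    variants = [("bucket ARN", BUCKET_WIDE), ("object ARN", OBJECT_ARN),
                ("bucket ARN + s3:prefix", PREFIX_CONDITION)]
    for name, statement in variants:
        for prefix in ("automation/", "finance/"):  # constructed prefixes
            print(f"{name:24} {prefix:12} {allows_list(statement, BUCKET, prefix)}")
```
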