Way to hide folder views in S3 through IAM

[PryDatar]

We’re using Mountain Duck to mount an Amazon S3 bucket that contains multiple user-specific folders.
Each IAM user has a policy granting access only to their respective subfolders, for example:

arn:aws:s3:::my-bucket/ressources/UserA/*
arn:aws:s3:::my-bucket/ressources/UserB/*

However, when users connect through Mountain Duck, they can still see the names of other top-level folders under /ressources, even though they cannot open or access their contents.

It seems that Mountain Duck lists all folder prefixes returned by the S3 ListBucket API call, even if access to those objects is denied by IAM conditions.

Goal:

We would like to hide non-authorized folder names in the S3 view, so that each user only sees the directories they are explicitly allowed to list (as defined in their IAM policy).

In short:

Users should only see their own folders (matching allowed s3:prefix conditions).

Other folders should not appear at all in the directory listing.

Example IAM setup:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*Object",
      "Resource": "arn:aws:s3:::my-bucket/ressources/UserA/*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::my-bucket/ressources",
      "Condition": {
        "StringLike": { "s3:prefix": "UserA/*" }
      }
    }
  ]
}

Even with this restricted IAM policy, Mountain Duck currently lists all other folders under /ressources, which can cause confusion and partial information exposure.

Question / Feature request:

Would it be possible to make Mountain Duck honor the IAM s3:prefix condition when listing S3 folders, so that non-authorized prefixes are hidden from the user interface?

This would make the visible directory tree consistent with the user’s actual IAM permissions and improve security isolation when multiple users share the same bucket.

[PryDatar]

To be more precise, in our setup, we’re managing a shared Amazon S3 bucket mounted through Mountain Duck, where several users connect to a common parent directory (for example, /projects/ or /resources/).

Each user has an IAM policy granting access to specific subfolders, but they should not be able to see the names of other folders that are outside their permissions.

[dkocher]

Accessing S3 we are not aware of the policy restrictions that are applied to the user we authenticate with using static or temporary access keys. Thus all prefixes are included as returned by the S3 API and only when accessing a prefix we will eventually encounter an error.

[dkocher]

I would suggest that you either provision

• Bookmarks (.duck) to the users that have the user specific prefix set as Path.
• Connection Profile (.cyberduckprofile) with a custom Default Path set.