Wrangler r2 usage fails when using non-admin tokens

Attempting to put/get an object from R2 with the latest wrangler CLI fails with a 403 status when using a non-admin token for both scoped and non-scoped.

[ERROR] Failed to fetch /accounts/[REDACTED]/r2/buckets/[REDACTED]/objects/README2.md - 401: Unauthorized);

Docs: Upload objects · Cloudflare R2 docs

Possibly related, whoami fails to retrieve user info when using the token.

❯ CLOUDFLARE_ACCOUNT_ID="[REDACTED]" CLOUDFLARE_API_TOKEN="[REDACTED]" npx wrangler whoami
 ⛅️ wrangler 3.22.4
-------------------
Getting User settings...
👋 You are logged in with an API Token. Unable to retrieve email for this user. Are you missing the `User->User Details->Read` permission?
┌───────────────────┬──────────────────────────────────┐
│ Account Name      │ Account ID                       │
├───────────────────┼──────────────────────────────────┤
│ XXX │ XXX │
└───────────────────┴──────────────────────────────────┘
🔓 To see token permissions visit https://dash.cloudflare.com/profile/api-tokens

Changing the permissions on the token from non-admin to admin results in a successful operation.

1 Like

Same here:

✘ [ERROR] Failed to fetch 

when attempting to delete an object with a token with permissions: Object Read & Write

it works when I change perms to Admin Read & Write

Hi,

To provide some clarity here, what you are describing is a known issue that the R2 team are aware of and are working to resolve in the future.

Foe the time being you can use other supported S3-compatible tools such as rclone, the AWS CLI, or a GUI such as Cyberduck.