I've created the following policy for accessing the S3 bucket I'm going to use for Boxcryptor:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:HeadBucket",
                "s3:GetBucketLocation",
                "s3:ListObjects"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::my-bucket-name"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::my-bucket-name/*"
        }
    ]
}
The status is: Boxcryptor is able to add this bucket as a provider, but any attempt to create an encrypted folder ends up with the error "Failed to create new folder".
In the debug log there is:
PUT https://my-bucket-name.s3-eu-west-1.amazonaws.com/test-encrypted-folder-01/FolderKey.bch
403 Forbidden
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error>AccessDenied
<Message>Access Denied</Message><RequestId>xxx</RequestId><HostId>xxx</HostId></Error>"
Any idea?