AWS Transfer: SFTP rename Fails with Permission Denied

Just hit this little fun thing. Using the rename command for SFTP seems to use the s3:CopyObject action, which attempts to copy any object tags as well as the actual object itself.

The IAM permissions associated with the SFTP user must allow s3:GetObjectTagging and s3:PutObjectTagging, or a rename command fails with an Access Denied message and no other details. If no object tagging is being used, this probably isn’t necessary. The lines marked + in the policy below are the two additions.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowListBucket",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::S3_BUCKET_NAME_HERE"
            },
            {
                "Sid": "AllowObjectAccess",
                "Effect": "Allow",
                "Action": [
+               "s3:PutObjectTagging",
+               "s3:GetObjectTagging",
                ],
                "Resource": "arn:aws:s3:::S3_BUCKET_NAME_HERE/*"
            }
        ]
    }
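
One way to catch this gap in a policy document before a user hits the bare Access Denied, as an added example that is not code from the original post: it checks whether the two tagging actions are allowed on an object ARN, honouring IAM-style wildcards and explicit Deny. The sample policies, bucket name and object key are constructed, and the check ignores Condition, NotAction, NotResource and policy variables.

```python
import re

# Tagging actions the post says an SFTP rename needs in addition to object access.
RENAME_TAG_ACTIONS = ("s3:GetObjectTagging", "s3:PutObjectTagging")

def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def _wild(pattern, value, ignore_case=False):
    # IAM wildcards: * matches any run of characters, ? matches exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def missing_rename_actions(policy, object_arn):
    """Return the tagging actions that `policy` does not allow on `object_arn`."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    missing = []
    for action in RENAME_TAG_ACTIONS:
        allowed = denied = False
        for st in statements:
            # Action names are matched case-insensitively, resource ARNs exactly.
            hit = (any(_wild(a, action, True) for a in _as_list(st.get("Action")))
                   and any(_wild(r, object_arn) for r in _as_list(st.get("Resource"))))
            allowed |= hit and st.get("Effect") == "Allow"
            denied |= hit and st.get("Effect") == "Deny"
        if denied or not allowed:  # an explicit Deny overrides any Allow
            missing.append(action)
    return missing

def sample_policy(actions):
    # Constructed sample policy; the bucket name is a placeholder.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Effect": "Allow", "Action": actions,
         "Resource": "arn:aws:s3:::example-bucket/*"}]}

OBJECT = "arn:aws:s3:::example-bucket/inbound/report.csv"  # constructed key
BEFORE = sample_policy(["s3:GetObject", "s3:PutObject", "s3:DeleteObject"])
AFTER = sample_policy(["s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                       "s3:GetObjectTagging", "s3:PutObjectTagging"])

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, "missing:", missing_rename_actions(doc, OBJECT) or "none")
```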