Kev*_*inD 6 amazon-s3 amazon-web-services aws-cli
尝试使用 AWS CLI 提取 S3 存储桶的内容时,我得到以下信息:
aws s3 cp --region us-east-1 s3://s3.amazonaws.com/my-bucket . --recursive
A client error (AccessDenied) occurred when calling the ListObjects operation: Access Denied
Completed 1 part(s) with ... file(s) remaining
使用aws s3 sync同样失败。
用户政策是:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": ["arn:aws:s3:::*"]
}
]
}
(我也尝试过各种限制较少的政策,但都无济于事)。
我已经尝试了一个空桶策略,还有这个桶策略:
{
"Id": "Policy1357935677554",
"Statement": [
{
"Sid": "Stmt1357935647218",
"Action": [
"*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::my-bucket",
"Principal": {
"AWS": [
"arn:aws:iam::XXXXXXXXXX:user/my-user"
]
}
},
{
"Sid": "Stmt1357935676138",
"Action": [
"*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::my-bucket/*",
"Principal": {
"AWS": [
"arn:aws:iam::XXXXXXXXXX:user/my-user"
]
}
}
]
}
有趣的是,这确实有效:
aws s3api list-objects --region us-east-1 --bucket my-bucket
小智 5
指定 s3 位置的格式是s3://bucket/keyso 而不是s3://s3.amazonaws.com/my-bucket您将使用s3://my-bucket/.
| 归档时间: |
|
| 查看次数: |
15481 次 |
| 最近记录: |