Post by dig*_*noe

Granting an EC2 IAM role read access to an S3 bucket

I have an AWS Elastic Beanstalk Rails application that I am configuring, via a config script, to pull some files from an S3 bucket. When I launch the application I keep getting the following error in the logs (the bucket name has been changed for security):

Failed to retrieve https://s3.amazonaws.com/my.bucket/bootstrap.sh: HTTP Error 403 : <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message>

Config file:

packages:
  yum:
    git: []

files:
  /opt/elasticbeanstalk/hooks/appdeploy/pre/01a_bootstrap.sh:
    mode: "00755"
    owner: root
    group: root
    source: https://s3.amazonaws.com/my.bucket/bootstrap.sh

The Elastic Beanstalk environment has the aws-elasticbeanstalk-ec2-role IAM role set as its instance role. This role has the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "arn:aws:s3:::my.bucket/*"
    }
  ]
}

The S3 bucket has the following policy:

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Stmt1371012493903",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<account #>:role/aws-elasticbeanstalk-ec2-role"
      }, …

amazon-s3 amazon-ec2 amazon-web-services amazon-iam elastic-beanstalk

Score: 10 · Answers: 1 · Views: 10k
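The role policy posted in the question grants `s3:Get*` and `s3:List*`, but only on the object ARN pattern `arn:aws:s3:::my.bucket/*`. The following is an added example, not code from the question or from any answer on this page: a small offline evaluator of IAM Action/Resource wildcard matching (it implements the Allow/Deny/implicit-deny rule for a single identity policy and deliberately ignores Condition keys and the bucket policy, which is an assumption about scope). It runs the posted statement against the two S3 calls a client typically makes when fetching one object, and against a corrected statement (my own, not from the page) that also names the bare bucket ARN. The bucket name `my.bucket` and key `bootstrap.sh` are the placeholders already used in the question.

```python
"""Offline check of an IAM identity policy against S3 calls.

Added example (not from the question or its answers). Implements only
Action/Resource wildcard matching plus IAM's Deny-beats-Allow rule for one
policy document; Condition keys, bucket policies and SCPs are out of scope.
"""
import fnmatch  # IAM's '*' and '?' wildcards map directly onto fnmatch patterns
import json

# The instance-role policy exactly as posted in the question.
ROLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:Get*", "s3:List*"],
      "Resource": "arn:aws:s3:::my.bucket/*"
    }
  ]
}""")

# Corrected statement (my own, not from the page): bucket-level actions such as
# s3:ListBucket are addressed to the bucket ARN, which has no trailing '/*'.
FIXED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::my.bucket/*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::my.bucket"
    }
  ]
}""")


def _as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalise to list."""
    return value if isinstance(value, list) else [value]


def _iam_match(pattern, value):
    """IAM wildcard match: '*' is any run of characters, '?' a single one."""
    return fnmatch.fnmatchcase(value, pattern)


def is_allowed(policy, action, resource):
    """Return 'allow', 'deny' or 'implicit_deny' for one (action, resource).

    Action names are compared case-insensitively; ARNs are case-sensitive.
    An explicit Deny wins over any Allow; no matching statement means denied.
    """
    decision = "implicit_deny"
    for stmt in policy["Statement"]:
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if not any(_iam_match(a.lower(), action.lower()) for a in actions):
            continue
        if not any(_iam_match(r, resource) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return "deny"
        decision = "allow"
    return decision


def check_download(policy, bucket, key):
    """Evaluate the calls behind fetching one object.

    A plain GET of the object needs s3:GetObject on the object ARN; any
    listing step (e.g. a sync or existence check) needs s3:ListBucket on the
    bucket ARN itself.
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "s3:GetObject": is_allowed(policy, "s3:GetObject", f"{bucket_arn}/{key}"),
        "s3:ListBucket": is_allowed(policy, "s3:ListBucket", bucket_arn),
    }


if __name__ == "__main__":
    for name, policy in (("posted", ROLE_POLICY), ("fixed", FIXED_POLICY)):
        for action, result in check_download(policy, "my.bucket", "bootstrap.sh").items():
            print(f"{name:6s} {action:14s} -> {result}")
```

Running it shows that the posted statement already covers `s3:GetObject` on `bootstrap.sh` but never matches `s3:ListBucket`, because that action is evaluated against `arn:aws:s3:::my.bucket` and the `/*` pattern does not match a bucket ARN. A matching Allow in the role policy is also only one of the preconditions: the bucket policy must not deny the role, and the process doing the download must actually sign its request with the role's credentials. For `.ebextensions`, the `files` / `source` download is performed by cfn-init, which, per the Elastic Beanstalk documentation, uses the instance profile for a private bucket only when the environment also declares an `AWS::CloudFormation::Authentication` resource naming that role and bucket; an unsigned GET of a private object returns exactly the `AccessDenied` 403 seen in the question.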