THp*_*ubs 7 amazon-s3 amazon-web-services
我正在尝试列出S3存储桶中的所有文件.但不断得到错误访问被拒绝.我想我的IAM用户拥有必要的权限:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SID",
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketPolicy",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetLifecycleConfiguration",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTorrent",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts",
"s3:PutBucketAcl",
"s3:PutBucketCORS",
"s3:PutBucketLogging",
"s3:PutBucketNotification",
"s3:PutBucketPolicy",
"s3:PutBucketRequestPayment",
"s3:PutBucketTagging",
"s3:PutBucketVersioning",
"s3:PutBucketWebsite",
"s3:PutLifecycleConfiguration",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl",
"s3:RestoreObject"
],
"Resource": [
"arn:aws:s3:::bucket/*"
]
}
]
}
我是否授予对S3的完全访问权限(AmazonS3FullAccess策略),我可以列出对象.可能是什么问题?我想我只删除了在自定义策略中删除和创建存储桶的权限.
当我添加对同一策略的完全访问权限时:
"Action": [
"s3:*"
],
我仍然无法列出对象.但是使用当前权限,我可以上传和删除对象.
刚刚找到答案!策略中允许的操作是正确的.问题在于Resource.我在用这个:
"Resource": [
"arn:aws:s3:::bucket/*"
]
但看起来它没有授予存储桶根的权限.没有完全访问权限 所以,为了使它工作,我们必须删除/如下:
"Resource": [
"arn:aws:s3:::bucket*"
]
现在它的工作就像一个魅力.
| 归档时间: |
|
| 查看次数: |
4420 次 |
| 最近记录: |