Sea*_*ean 1 amazon-s3 python-3.x boto3
因此,我有一个用户,其 IAM 权限设置为以下内容。它意味着只允许他们创建/删除/列表/等。存储桶的“Target_Folder/”中的对象。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt123456789",
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::bucket/Target_Folder/*"
]
}
]
}
使用 boto3,我将相关的 aws_access_key_id 和 aws_secret_access_key 嵌入到配置中。执行此操作后,我发现我无法在“/Target_Folder/”中执行任何操作,例如:
import boto3
import boto.s3.transfer
#Need to manually import S3Transfer() for some reason.
from boto.s3.transfer import S3Transfer
bucket = 'bucket'
prefix = 'Test_Folder/'
client = boto3.client(s3)
#Attempt to print objects under the Target_Folder
response = client.list_objects(Bucket = bucket, Prefix = prefix)
for file in response['Contents']:
print(file['key'])
#Attempt to upload file
transfer = S3Transfer(client)
transfer.upload_file('C:/filepath/file', bucket, prefix)
最终,无论采用什么方法,我都会收到一个"botocore.exceptions.ClientError: An error occured (SignatureDoesNotMatch)....". 相反,如果我使用具有更多开放存储桶权限的 key/secret_key 对,则与 API 交互时不会出现任何问题。
抱歉,如果这个问题已在另一个线程中得到回答或澄清,我在搜索时找不到任何好的答案。
首先,s3 存储桶bucket应该存在。
您需要s3:ListBucket对s3存储桶进行权限分配,然后才能授予该存储桶中的对象访问权限
{
"Version": "2012-10-17",
"Statement": [
{
"Effect":"Allow",
"Action":[
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource":"arn:aws:s3:::bucket"
},
{
"Sid": "Stmt123456789",
"Effect": "Allow",
"Action": [
"s3:CreateBucket", # and this should be removed.
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::bucket/Target_Folder/*"
]
}
]
}
| 归档时间: |
|
| 查看次数: |
3659 次 |
| 最近记录: |