本文介绍了如何修复AccessDened调用CopyObject的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试将文件从A帐户中的存储桶复制到B帐户中的另一个存储桶中。当我尝试使用命令同步文件时
aws s3 sync s3://BUCKET_A s3://BUCKET_B
它返回以下输出:
copy failed: s3://BUCKET_A to s3://BUCKET_B An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied
这是附加到在B帐户(将从存储区A复制文件的位置)中创建的用户的策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::BUCKET_A",
"arn:aws:s3::: BUCKET_A/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::BUCKET_B",
"arn:aws:s3:::BUCKET_B/*"
]
}
]
}
可能我错过了某些许可?我找不到要添加到我的用户/存储桶策略中的权限CopyObject
推荐答案
在您的IAM角色策略端,您需要以下内容:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::BUCKET_A",
"arn:aws:s3::: BUCKET_A/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::BUCKET_B",
"arn:aws:s3:::BUCKET_B/*"
]
}
]
}
您需要将这些权限添加到Bucket_B
{
"Sid": "Example permissions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::your_iam_policy"
},
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
],
"Resource": [
"arn:aws:s3:::BUCKET_B"
]
}
这篇关于如何修复AccessDened调用CopyObject的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!