本文介绍了如何修复AccessDened调用CopyObject的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试将文件从A帐户中的存储桶复制到B帐户中的另一个存储桶中。当我尝试使用命令同步文件时

aws s3 sync s3://BUCKET_A s3://BUCKET_B

它返回以下输出:

copy failed: s3://BUCKET_A to s3://BUCKET_B An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied

这是附加到在B帐户(将从存储区A复制文件的位置)中创建的用户的策略:

{
    "Version": "2012-10-17",
    "Statement": [
      {
          "Effect": "Allow",
          "Action": [
              "s3:ListBucket",
              "s3:GetObject",
              "s3:PutObject",
              "s3:PutObjectAcl"
          ],
          "Resource": [
              "arn:aws:s3:::BUCKET_A",
              "arn:aws:s3::: BUCKET_A/*"
          ]
      },
      {
          "Effect": "Allow",
          "Action": [
              "s3:ListBucket",
              "s3:GetObject",
              "s3:PutObject",
              "s3:PutObjectAcl"
          ],
          "Resource": [
              "arn:aws:s3:::BUCKET_B",
              "arn:aws:s3:::BUCKET_B/*"
          ]
      }
    ]
}

可能我错过了某些许可?我找不到要添加到我的用户/存储桶策略中的权限CopyObject

推荐答案

在您的IAM角色策略端,您需要以下内容:

  {
    "Version": "2012-10-17",
    "Statement": [
      {
          "Effect": "Allow",
          "Action": [
              "s3:ListBucket",
              "s3:GetObject",
              "s3:PutObject",
              "s3:PutObjectAcl"
          ],
          "Resource": [
              "arn:aws:s3:::BUCKET_A",
              "arn:aws:s3::: BUCKET_A/*"
          ]
      },
      {
          "Effect": "Allow",
          "Action": [
              "s3:ListBucket",
              "s3:GetObject",
              "s3:PutObject",
              "s3:PutObjectAcl"
          ],
          "Resource": [
              "arn:aws:s3:::BUCKET_B",
              "arn:aws:s3:::BUCKET_B/*"
          ]
      }
    ]
}

您需要将这些权限添加到Bucket_B

{
         "Sid": "Example permissions",
         "Effect": "Allow",
         "Principal": {
            "AWS": "arn:aws:iam::your_iam_policy"
         },
         "Action": [
              "s3:ListBucket",
              "s3:GetObject",
              "s3:PutObject",
              "s3:PutObjectAcl"
          ],
         ],
         "Resource": [
            "arn:aws:s3:::BUCKET_B"
         ]
      }

这篇关于如何修复AccessDened调用CopyObject的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

05-29 13:05