权限为s3时

权限为s3时

关注
发信
关注(28)粉丝(399)

权限为s3时,S3存储桶的ListObjects的AccessDenied:*

本文介绍了权限为s3时,S3存储桶的ListObjects的AccessDenied:*的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我得到:

当我尝试从S3存储桶中获取文件夹时.

When I try to get folder from my S3 bucket.

使用此命令:

aws s3 cp s3://bucket-name/data/all-data/ . --recursive

存储桶的IAM权限如下:

The IAM permissions for the bucket look like this:

{
"Version": "version_id",
"Statement": [
    {
        "Sid": "some_id",
        "Effect": "Allow",
        "Action": [
            "s3:*"
        ],
        "Resource": [
            "arn:aws:s3:::bucketname/*"
        ]
    }
] }

要成功成功地copyls,我需要更改什么?

What do I need to change to be able to copy and ls successfully?

推荐答案

您已授予对S3存储桶中的对象执行命令的权限,但尚未授予对存储桶本身执行任何操作的权限.

You have given permission to perform commands on objects inside the S3 bucket, but you have not given permission to perform any actions on the bucket itself.

稍微修改您的策略将如下所示:

Slightly modifying your policy would look like this:

{
  "Version": "version_id",
  "Statement": [
    {
        "Sid": "some_id",
        "Effect": "Allow",
        "Action": [
            "s3:*"
        ],
        "Resource": [
            "arn:aws:s3:::bucketname",
            "arn:aws:s3:::bucketname/*"
        ]
    }
  ]
}

但是,这可能会提供比所需更多的权限.遵循授予最低要求的AWS IAM最佳实践特权如下所示:

However, that probably gives more permission than is needed. Following the AWS IAM best practice of Granting Least Privilege would look something like this:

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": [
              "s3:ListBucket"
          ],
          "Resource": [
              "arn:aws:s3:::bucketname"
          ]
      },
      {
          "Effect": "Allow",
          "Action": [
              "s3:GetObject"
          ],
          "Resource": [
              "arn:aws:s3:::bucketname/*"
          ]
      }
  ]
}

这篇关于权限为s3时,S3存储桶的ListObjects的AccessDenied:*的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-22 08:35
Powered by LMLPHP ©2025 权限为s3时 0.041286