I'm looking to set up a transfer job to take files stored within an S3 bucket and load them to a GCS bucket. The credentials that I have give me access to the folder that contains the files that I need from S3 but not to the higher level folders.
当我尝试使用"Amazon S3存储桶"下的S3存储桶名称以及访问密钥ID&设置传输作业时,机密访问密钥已填写,由于我的凭据限制,访问被拒绝,正如您所期望的那样.但是,如果我将额外的路径信息添加为前缀项(例如'Production/FTP/CompanyName'),并且确实可以访问此文件夹,则访问将被 still 拒绝.
When I try to set up the transfer job with the S3 bucket name under 'Amazon S3 bucket' and the access key ID & secret access key filled-in, the access is denied as you would expect given the limits of my credentials. However, access is still denied if I add the extra path information as a Prefix item (e.g. 'Production/FTP/CompanyName') and I do have access to this folder.
It seems as though I can't get past the fact that I do not have access to the root directory. Is there any way around this?
The service account must have the following permissions for the source bucket:
storage.buckets.get Allows the service account to get the location of the bucket. Always required.
storage.objects.list Allows the service account to list objects in the bucket. Always required.
storage.objects.get Allows the service account to read objects in the bucket. Always required.
storage.objects.delete Allows the service account to delete objects in the bucket. Required if you set deleteObjectsFromSourceAfterTransfer to true.
The roles/storage.objectViewer and roles/storage.legacyBucketReader roles together contain the permissions that are always required. The roles/storage.legacyBucketWriter role contains the storage.objects.delete permissions. The service account used to perform the transfer must be assigned the desired roles.
You have to set this permissions on your AWS bucket.