问题描述

我正在努力使AWS S3 IAM用户策略生效，这是我当前的IAM用户策略:

I am struggling to get a AWS S3 IAM user policy to work, this is my current IAM user's policy:

{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "Stmt1424859689000",
        "Effect": "Allow",
        "Action": [
          "s3:DeleteObject",
          "s3:GetObject",
          "s3:PutObject"
        ],
        "Resource": [
          "arn:aws:s3:::vault-us/*"
        ]
      }
    ]
  }

当我在S3存储桶中发布帖子以创建新对象时，出现403禁止错误，但是当我使用名为"AmazonS3FullAccess"的托管策略时，一切正常.

When I do a post to create a new object in my S3 bucket I get a 403 Forbidden error but when I use the Managed Policy called 'AmazonS3FullAccess' then everything works just fine.

我想做的是限制某些IAM用户上载/下载权限，但正在努力使其正常工作.

What I am trying to do is restrict certain IAM users to upload/downloads rights but am struggling to get this working.

任何建议将不胜感激！

推荐答案

我设法弄清楚，为了使上传正常工作，我需要添加操作"s3:PutObjectAcl"，以下是我的IAM策略示例:

I managed to figure out that in order for upload to work I needed to include the action "s3:PutObjectAcl" here is the example of my IAM policy below:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetBucketLocation",
                    "s3:ListAllMyBuckets"
                ],
                "Resource": "arn:aws:s3:::*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket"
                ],
                "Resource": [
                    "arn:aws:s3:::vault-us"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:PutObjectAcl"
                ],
                "Resource": [
                    "arn:aws:s3:::vault-us/*"
                ]
            }
        ]
    }

这篇关于IAM用户策略在Amazon S3存储桶上返回403禁止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！