问题描述
在移动到AWS EC2,我想限制有很好的理由我的情况下,用户权限。一件事的情况下需要做的是对S3和访问文件,写文件存在。然而,我找不到任何方法来实现这一目标而不给予所有权限给该用户
In moving to AWS EC2, I want to restrict my instances' user permissions for good reason. One thing the instances need to do is access files on S3 and write files there. However, I cannot find any way to achieve this without giving all permissions to that user.
s3cmd允许我呼吁S3桶我给了政策,允许LS和杜拉拉,而是试图把/同步的其中一个文件夹时,总是失败,403错误。如果我用我的根证书,转让云的权利,通过。
s3cmd allows me to call "ls" and "du" on the s3 buckets I gave the policy permission to, but always fails with a 403 error when trying to PUT/sync with one of these folders. If I use my root credentials, the transfer goes right through.
所以,我不知道为什么,如果我给所有权限给用户表示桶,也不能放,但如果我给它的 ARN:AWS:S3 * (:::所有桶),那么就可以了。是没有意义的我。
So, I don't get why if I give all permissions to the user for said buckets, it cannot PUT, but if I give it arn:aws:s3:::* (all buckets) then it can. Makes no sense to me.
任何人曾经处理过?
推荐答案
尝试这样的事情。我认为这个问题是你需要S3:ListAllMyBuckets和S3:ListBuckets为s3cmd工作。不知道为什么,但它不会工作,除非能得到桶的列表。我有同样的问题,我第一次尝试使用权限与s3cmd,这是解决方案。
Try something like this. I think the problem is that you need s3:ListAllMyBuckets and s3:ListBuckets for the s3cmd to work. Not sure why but it wont work unless it can get a list of the buckets. I had the same problem the first time i tried to use permissions with s3cmd and this was the solution.
{
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::bucket/path",
"arn:aws:s3:::bucket/path/*"
]
}
]
}
修改我已经添加了 S3:通过下面将杰索普的规定所需要的较新版本s3cmd的PutObjectAcl
动作
这篇关于对于PUT /同步必要s3cmd S3权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!