问题描述

在移动到AWS EC2，我想限制有很好的理由我的情况下，用户权限。一件事的情况下需要做的是对S3和访问文件，写文件存在。然而，我找不到任何方法来实现这一目标而不给予所有权限给该用户

In moving to AWS EC2, I want to restrict my instances' user permissions for good reason. One thing the instances need to do is access files on S3 and write files there. However, I cannot find any way to achieve this without giving all permissions to that user.

s3cmd允许我呼吁S3桶我给了政策，允许LS和杜拉拉，而是试图把/同步的其中一个文件夹时，总是失败，403错误。如果我用我的根证书，转让云的权利，通过。

s3cmd allows me to call "ls" and "du" on the s3 buckets I gave the policy permission to, but always fails with a 403 error when trying to PUT/sync with one of these folders. If I use my root credentials, the transfer goes right through.

所以，我不知道为什么，如果我给所有权限给用户表示桶，也不能放，但如果我给它的 ARN：AWS：S3 * （:::所有桶），那么就可以了。是没有意义的我。

So, I don't get why if I give all permissions to the user for said buckets, it cannot PUT, but if I give it arn:aws:s3:::* (all buckets) then it can. Makes no sense to me.

任何人曾经处理过？

推荐答案

尝试这样的事情。我认为这个问题是你需要S3：ListAllMyBuckets和S3：ListBuckets为s3cmd工作。不知道为什么，但它不会工作，除非能得到桶的列表。我有同样的问题，我第一次尝试使用权限与s3cmd，这是解决方案。

Try something like this. I think the problem is that you need s3:ListAllMyBuckets and s3:ListBuckets for the s3cmd to work. Not sure why but it wont work unless it can get a list of the buckets. I had the same problem the first time i tried to use permissions with s3cmd and this was the solution.

{
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": [
          "s3:ListBucket",
          "s3:PutObject",
          "s3:PutObjectAcl"
      ],
      "Effect": "Allow",
      "Resource": [
          "arn:aws:s3:::bucket/path",
          "arn:aws:s3:::bucket/path/*"
      ]
    }
  ]
}

修改我已经添加了 S3：通过下面将杰索普的规定所需要的较新版本s3cmd的PutObjectAcl 动作

这篇关于对于PUT /同步必要s3cmd S3权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！