本文介绍了对于PUT /同步必要s3cmd S3权限的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

在移动到AWS EC2,我想限制有很好的理由我的情况下,用户权限。一件事的情况下需要做的是对S3和访问文件,写文件存在。然而,我找不到任何方法来实现这一目标而不给予所有权限给该用户

In moving to AWS EC2, I want to restrict my instances' user permissions for good reason. One thing the instances need to do is access files on S3 and write files there. However, I cannot find any way to achieve this without giving all permissions to that user.

s3cmd允许我呼吁S3桶我给了政策,允许LS和杜拉拉,而是试图把/同步的其中一个文件夹时,总是失败,403错误。如果我用我的根证书,转让云的权利,通过。

s3cmd allows me to call "ls" and "du" on the s3 buckets I gave the policy permission to, but always fails with a 403 error when trying to PUT/sync with one of these folders. If I use my root credentials, the transfer goes right through.

所以,我不知道为什么,如果我给所有权限给用户表示桶,也不能放,但如果我给它的 ARN:AWS:S3 * (:::所有桶),那么就可以了。是没有意义的我。

So, I don't get why if I give all permissions to the user for said buckets, it cannot PUT, but if I give it arn:aws:s3:::* (all buckets) then it can. Makes no sense to me.

任何人曾经处理过?

推荐答案

尝试这样的事情。我认为这个问题是你需要S3:ListAllMyBuckets和S3:ListBuckets为s3cmd工作。不知道为什么,但它不会工作,除非能得到桶的列表。我有同样的问题,我第一次尝试使用权限与s3cmd,这是解决方案。

Try something like this. I think the problem is that you need s3:ListAllMyBuckets and s3:ListBuckets for the s3cmd to work. Not sure why but it wont work unless it can get a list of the buckets. I had the same problem the first time i tried to use permissions with s3cmd and this was the solution.

{
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": [
          "s3:ListBucket",
          "s3:PutObject",
          "s3:PutObjectAcl"
      ],
      "Effect": "Allow",
      "Resource": [
          "arn:aws:s3:::bucket/path",
          "arn:aws:s3:::bucket/path/*"
      ]
    }
  ]
}

修改我已经添加了 S3:通过下面将杰索普的规定所需要的较新版本s3cmd的PutObjectAcl 动作

这篇关于对于PUT /同步必要s3cmd S3权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-28 13:03