
MalformedPolicy error using aws s3api

I am trying to use put-bucket-policy to add a policy to an s3 bucket via the aws s3api (Windows).

I am using precisely the policy code given here http://docs.aws.amazon.com/AmazonS3/latest/dev/AccessPolicyLanguage_UseCases_s3_a.html under "Granting Permission to an Anonymous User" with my bucket name substituted in.

I am getting

A client error (MalformedPolicy) occured: policies must be valid JSON and the first byte must be '{'

Any clues?

EDIT: Inlining the JSON works - so it is some kind of file format issue - just not one that I can see. Be great to be able to get it working with files.

EDIT: To help anyone else who maybe ends up here, buckets should be named all in lowercase. If not, some s3/s3api operations work, but not others. See here

TL;DR


You must add the file:// protocol scheme to the policy file path

$ aws s3api put-bucket-policy --bucket kryptonite \
   --policy file:///home/superman/aws-example/public-bucket-policy.json


OR (Windows)

$ aws s3api put-bucket-policy --bucket kryptonite \
    --policy file://C:\Temp\public-bucket-policy.json


OR (relative path)

$ aws s3api put-bucket-policy --bucket kryptonite \
    --policy file://public-bucket-policy.json


FULL STORY: How to set public bucket policy via CLI

First let's make sure there's no other policy on the bucket:

Now let's make sure we have policy file in current directory and it contains valid json (mind name of the kryptonite bucket)

$ ls
public-bucket-policy.json

$ cat public-bucket-policy.json
{
  "Statement": [
    {
      "Resource": "arn:aws:s3:::kryptonite/*",
      "Action": "s3:GetObject",
      "Principal": "*",
      "Effect": "Allow",
      "Sid": "AddPerm"
    }
  ],
  "Version": "2012-10-17"
}


Now let's try to put the policy by specifying just filename

$ s3api put-bucket-policy --bucket kryptonite --policy public-bucket-policy.json
A client error (MalformedPolicy) occurred when calling the PutBucketPolicy operation: Policies must be valid JSON and the first byte must be '{'


Now let's make another attempt and specify the full path

$ s3api put-bucket-policy --bucket kryptonite \
    --policy /home/superman/aws-example/public-bucket-policy.json


Now let's add file:// prefix and it will work

$ s3api put-bucket-policy --bucket kryptonite \
    --policy file:///home/superman/aws-example/public-bucket-policy.json


And we can now verify that this policy had been applied

$ s3api get-bucket-policy --bucket kryptonite
{
    "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AddPerm\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::kryptonite/*\"}]}"
}


And as special bonus let's pipe the policy through the jq utility (twice) to extract correct field and format JSON nicely

$ s3api get-bucket-policy --bucket kryptonite | jq .Policy --raw-output | jq .
{
  "Statement": [
    {
      "Resource": "arn:aws:s3:::kryptonite/*",
      "Action": "s3:GetObject",
      "Principal": "*",
      "Effect": "Allow",
      "Sid": "AddPerm"
    }
  ],
  "Version": "2012-10-17"
}


And as you can see the policy is correct
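
An added example (not part of the original answer or of the AWS CLI): a local pre-flight check in Python that models the behaviour shown above, where only a `file://` value is read from disk and any other string is sent as the policy text itself. It also reports `Allow` statements open to an anonymous principal, because the policy on this page makes every object in the bucket publicly readable; the function names and the temp-file sample are assumptions.

```python
import json
import os
import tempfile

def resolve_policy_arg(value):
    # Local model of the CLI behaviour described above: only a file:// value
    # is read from disk; any other string is sent as the policy text itself.
    if value.startswith("file://"):
        with open(value[len("file://"):], "rb") as fh:
            return fh.read()
    return value.encode("utf-8")

def as_list(v):
    return v if isinstance(v, list) else [v]

def preflight(value):
    """Return findings for a --policy argument before it is sent to S3."""
    body = resolve_policy_arg(value)
    if body[:1] != b"{":
        return ["malformed: first byte is %r, not '{'" % body[:1].decode("latin-1")]
    try:
        policy = json.loads(body.decode("utf-8"))
    except ValueError as exc:  # covers bad JSON and bad UTF-8
        return ["malformed: not valid JSON (%s)" % exc]
    findings = []
    for st in as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        anonymous = principal == "*" or (
            isinstance(principal, dict) and "*" in as_list(principal.get("AWS")))
        if st.get("Effect") == "Allow" and anonymous and "Condition" not in st:
            findings.append("public: %s allows %s on %s to anyone"
                            % (st.get("Sid", "<no Sid>"), st.get("Action"), st.get("Resource")))
    return findings

def demo():
    # Constructed sample: the policy from this page, written to a temp directory.
    policy = {"Version": "2012-10-17", "Statement": [{
        "Sid": "AddPerm", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::kryptonite/*"}]}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "public-bucket-policy.json")
        with open(path, "w") as fh:
            json.dump(policy, fh)
        return {"bare name": preflight("public-bucket-policy.json"),
                "full path": preflight(path),
                "file://": preflight("file://" + path)}

if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, "->", findings or "ok")
```

A "public" finding is expected for this page's policy; the check is there so that an anonymous grant is a deliberate choice rather than a side effect of copying a sample.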

I have gone with inlining the JSON.

Couple of maybe useful hints for those that end up here.

  1. Bucket names: Buckets should be named all in lowercase. If not, some s3/s3api operations work (mb, put-bucket-policy), but not others (put-bucket-website). See http://support.rightscale.com/09-Clouds/AWS/FAQs/FAQ_0094_-_What_are_valid_S3_bucket_names%3F

  2. If, like me, you start by using get-bucket-website on a bucket created through the S3 console to get example JSON for making a bucket a website, it may not work. get-bucket-website gives you back blank entries for any unset parameters (eg RedirectAllRequestsTo) - which gives errors if used in put-bucket-website ... Just miss parameters out if you don't need them and that works - eg

    {"IndexDocument":{"Suffix":"index.html"}}

is the minimum. (remember to escape the quotes if inlining!)

For the "full inline" syntax, use:

aws s3api put-bucket-policy --bucket MYBUCKETNAME --policy "{\"Version\":\"2008-10-17\", \"Statement\":[{\"Sid\":\"AllowPublicRead\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::MYBUCKETNAME/*\"}]}"
