[英]AWS S3 Request Fails with credentials obtained from TVM Client
In my iOS app I recently changed the AWS iOS
Library to 1.7.0 (from 1.6.0) which supports resuming/pausing multipart upload. 最近,在我的iOS应用中,我将AWS iOS
库从1.6.0更改为1.7.0,该库支持恢复/暂停分段上传。 As a result all file uploads greater than 5MB
fails which uses temporary AWS credentials obtained from TVM
. 结果,所有大于5MB
文件上传都会失败,这将使用temporary AWS credentials obtained from TVM
。 (Original credentials work without any problem). (原始凭据可以正常使用)。 The error being HTTP: 403, S3 Error Code: AccessDenied
. 错误为HTTP: 403, S3 Error Code: AccessDenied
。
The request that fails is this one: GET https://s3.amazonaws.com/<my.bucket.name>/?uploads
I am not sure what this request is for or why there is a permission issue because my TVM get_federation_token
has GET
and PUT
access. 失败的请求是这样的: GET https://s3.amazonaws.com/<my.bucket.name>/?uploads
我不确定此请求是针对什么还是为什么存在权限问题,因为我的TVM get_federation_token
具有GET
和PUT
访问。
{
"Version": "2012-10-17",
"Statement": [
{
"Action": ["s3:PutObject","s3:GetObject"],
"Resource": ["arn:aws:s3:::my.bucket.name/*"],
"Effect": "Allow"
}
]
}
The uploads are happening to the location /<my.bucket.name>/
. 上载发生在/<my.bucket.name>/
位置。 Any idea what is going on? 知道发生了什么吗?
Thanks 谢谢
UPDATE The initial policy I posted was incorrect, s3:ListBucketMultipartUploads
is only effective on the bucket. 更新我发布的初始策略不正确, s3:ListBucketMultipartUploads
仅对存储桶有效。
The S3TransferManager uses multipart uploads for files over 5MB, so you will need to include operations necessary for multipart uploads in your TVM policy. S3TransferManager对5MB以上的文件使用分段上传,因此您需要在TVM策略中包括分段上传所需的操作。
{
"Version": "2012-10-17",
"Statement": [
{
"Action":"s3:ListBucketMultipartUploads",
"Resource":"arn:aws:s3:::my.bucket.name",
"Effect": "Allow"
},
{
"Action": ["s3:PutObject","s3:GetObject","s3:ListMultipartUploadParts","s3:AbortMultipartUpload"],
"Resource": ["arn:aws:s3:::my.bucket.name/*"],
"Effect": "Allow"
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.