
AWS S3 ListMultipartUploads: access denied

I have followed this blog in order to set up my AWS IAM and S3 accounts with Web Identity Federation. I am able to authenticate and receive session credentials and tokens all fine. I am also able to download and upload objects. However, I am getting:

access denied

on the following ListMultipartUploads request:

var request = new ListMultipartUploadsRequest()
{
    BucketName = bucketName,
    Prefix = $"{UserId}/"
};

var response = await s3Client.ListMultipartUploadsAsync(request);

The access policy attached to my IAM role is:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::mybucket/${myidentityprovider:userId}/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::mybucket"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": "${myidentityprovider:userId}/"
                }
            }
        }
    ]
}

As you can see, I have the permission "s3:ListBucketMultipartUploads", so the user should be able to perform ListMultipartUploads on their buckets. What am I doing wrong?

I see an error in your prefix statement.

It needs to be an array:

"s3:prefix": ["${myidentityprovider:userId}/*"]

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::mybucket/${myidentityprovider:userId}/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::mybucket"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": ["${myidentityprovider:userId}/*"]
                }
            }
        }
    ]
}
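To see what each version of the StringLike condition actually admits, here is an added example (not from the question, the answer, or AWS) that applies the `s3:prefix` condition from the original policy and from the amended one to a few constructed request prefixes, after substituting the `${myidentityprovider:userId}` policy variable. It models IAM's StringLike semantics (case-sensitive, `*` matches any run of characters including `/`, `?` matches one character, a single string and a one-element list are equivalent); the user id `alice` and the request prefixes are assumptions.

```python
import re

# The two conditions as they appear on this page (constructed copies).
QUESTION_CONDITION = {"StringLike": {"s3:prefix": "${myidentityprovider:userId}/"}}
ANSWER_CONDITION = {"StringLike": {"s3:prefix": ["${myidentityprovider:userId}/*"]}}


def substitute_variables(value, variables):
    """Replace IAM policy variables such as ${myidentityprovider:userId}."""
    for name, val in variables.items():
        value = value.replace("${" + name + "}", val)
    return value


def string_like(pattern, value):
    """IAM StringLike: * matches any run of characters (including '/'),
    ? matches exactly one character, everything else is literal."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, value) is not None


def condition_allows(condition, request_prefix, variables):
    """True if any listed s3:prefix pattern matches the request's prefix.
    A bare string is treated like a one-element list, as IAM does."""
    patterns = condition["StringLike"]["s3:prefix"]
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(
        string_like(substitute_variables(p, variables), request_prefix) for p in patterns
    )


def evaluate(condition, prefixes, variables):
    """Map each sample request prefix to the condition's allow/deny outcome."""
    return {p: condition_allows(condition, p, variables) for p in prefixes}


if __name__ == "__main__":
    variables = {"myidentityprovider:userId": "alice"}  # assumed federated user id
    # Constructed request prefixes; "" stands in for a request that sends no prefix,
    # which an unnegated StringLike condition also fails to match.
    prefixes = ["alice/", "alice/photos/", "alice", "bob/", ""]
    for name, cond in [("question", QUESTION_CONDITION), ("answer", ANSWER_CONDITION)]:
        print(name, evaluate(cond, prefixes, variables))
```

The original condition only matches a request whose prefix is exactly `alice/`; the amended `alice/*` pattern also admits deeper prefixes under the user's folder, while still rejecting other users' folders and a prefix-less listing.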
