[英]S3 bucket access denied from Jenkins
I am trying to upload build files from Jenkins to S3 Bucket. 我正在尝试将构建文件从Jenkins上传到S3 Bucket。 I wanted only Cloudfront & the user
deployer
to have access to the bucket, the policy is as follows: 我只希望Cloudfront和用户
deployer
能够访问存储桶,策略如下:
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXX"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::samplebucket/*"
},
{
"Sid": "2",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::1234567890:user/deployer"
]
},
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::samplebucket",
"arn:aws:s3:::samplebucket/*"
]
}
]
}
This policy is not allowing the deployer
to upload objects to S3. 此策略不允许
deployer
将对象上载到S3。 Whereas if i set the bucket access to public, i am able to successfully upload the objects from Jenkins. 然而,如果我将存储桶访问设置为公共,我能够成功上传Jenkins中的对象。 I don't want my buckets to be public.
我不希望我的水桶公开。
I am using a user with Access Key and Secret Key to access the bucket with full permissions, but checked Use IAM Role
in Jenkins -> Configure System -> Amazon S3 Profiles. 我使用具有访问密钥和密钥的用户以完全权限访问存储桶,但选中了在Jenkins中
Use IAM Role
- >配置系统 - > Amazon S3配置文件。 Just uncheck , you are good to go. 只是取消选中,你很高兴。 Probably i need to check it only when using a role.
可能我只需要在使用角色时检查它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.