[英]Is there a minimum size for aws s3 sync to work?
I need to move the contents from the S3 bucket I have been using up until now (src-bucket) to a new S3 bucket within a new AWS account (dst-bucket). 我需要将内容从到目前为止一直使用的S3存储桶(src-bucket)移到新的AWS账户(dst-bucket)中的新S3存储桶。 As far as I can tell, the straight forward approach would be
据我所知,直接的方法是
aws s3 sync s3://src-bucket s3://dst-bucket --exclude "*" --include="important_prefix*"
But this only works a bit. 但这只能起作用。 For a subset of objects I keep getting the error message
对于对象的子集,我不断收到错误消息
An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied
and I cannot find the reason why. 我找不到原因。
So far I can tell that all the files that cannot be synced are rather small (less than 700kb) while the successfully copied ones are at least a couple of MB each. 到目前为止,我可以说所有无法同步的文件都非常小(小于700kb),而成功复制的文件每个都至少有几个MB。
Is there some minimum object size (with a relatively high default value) that must be met before s3 sync
can do its work? 在
s3 sync
执行其工作之前,是否必须满足一些最小对象大小(具有相对较高的默认值)?
More information 更多信息
aws s3 cp
and aws s3api get-object
the problematic objects. aws s3 cp
和aws s3api get-object
有问题的对象。 They just fail with aws s3 sync
. aws s3 sync
失败。 S3FullAccess
permissions S3FullAccess
权限的用户 I added the following bucket policy to src-bucket 我在src-bucket中添加了以下存储桶策略
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Example permissions", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::newaccountid:user/myadminuser" }, "Action": [ "s3:GetBucketLocation", "s3:ListBucket" ], "Resource": "arn:aws:s3:::src-bucket" }, { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::newaccountid:user/myadminuser" }, "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject" ], "Resource": "arn:aws:s3:::src-bucket/*" } ] }
aws s3 sync
as the newaccountid:user/myadminuser aws s3 sync
:user / myadminuser I can browse around src-bucket
with the user from the new account and I can upload and download files just fine. 我可以从新帐户中与用户一起浏览
src-bucket
,也可以上传和下载文件。 Running the initially mentioned aws s3 sync
command copies a few 100 objects from src-bucket
to dst-bucket
, but fails for some other hundrets of objects. 运行最初提到的
aws s3 sync
命令将几百个对象从src-bucket
复制到dst-bucket
,但对于其他一些对象对象则失败。
I tried comparing the not-sync-able objects to those that I was able to sync successfully. 我尝试将无法同步的对象与能够成功同步的对象进行比较。 I did a
aws s3api get-object-acl
on many objects in src-bucket
. 我对
src-bucket
许多对象做了aws s3api get-object-acl
。 Their ACLs all look the same, for successfully copied ones and copy-failed ones: 对于成功复制的ACL和复制失败的ACL,它们的ACL看起来都一样:
{
"Owner": {
"ID": "reallylongidihadbashcomparethemformetomakesuretheyareidentical"
},
"Grants": [
{
"Grantee": {
"Type": "CanonicalUser",
"ID": "reallylongidihadbashcomparethemformetomakesuretheyareidentical"
},
"Permission": "FULL_CONTROL"
}
]
}
On dst-bucket
the really long id is a different one, but apart from that the ACLs look the same. 在
dst-bucket
,真正的长ID是一个不同的ID,但除此之外,ACL看起来相同。
No, there is no such thing. 不,没有这样的事情。 I was correlating the wrong things.
我把错误的事情联系起来。 Apparently
s3 sync
"depends" on being able to copy the objects' tags, as well as their data. 显然,
s3 sync
“取决于”能够复制对象的标签及其数据。 Reading objects' tags is a separate privilege from reading the objects data. 读取对象的标签是与读取对象数据不同的特权。 I was missing the
s3:GetObjectTagging
action when granting rights to my new user. 向新用户授予权限时,我缺少
s3:GetObjectTagging
操作。
Apparently "they" started splitting data into much smaller chunks at the same time they started using object tags. 显然,“他们”在开始使用对象标签的同时就开始将数据拆分成更小的块。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.