AWS s3同步工作是否需要最小尺寸?
[英]Is there a minimum size for aws s3 sync to work?
问题描述
I need to move the contents from the S3 bucket I have been using up until now (src-bucket) to a new S3 bucket within a new AWS account (dst-bucket). 
我需要将内容从到目前为止一直使用的S3存储桶(src-bucket)移到新的AWS账户(dst-bucket)中的新S3存储桶。 As far as I can tell, the straight forward approach would be 据我所知,直接的方法是
aws s3 sync s3://src-bucket s3://dst-bucket --exclude "*" --include="important_prefix*"
But this only works a bit. 但这只能起作用。 For a subset of objects I keep getting the error message 对于对象的子集,我不断收到错误消息
An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied
and I cannot find the reason why. 我找不到原因。
So far I can tell that all the files that cannot be synced are rather small (less than 700kb) while the successfully copied ones are at least a couple of MB each. 到目前为止,我可以说所有无法同步的文件都非常小(小于700kb),而成功复制的文件每个都至少有几个MB。
Is there some minimum object size (with a relatively high default value) that must be met before s3 sync can do its work? 在s3 sync执行其工作之前,是否必须满足一些最小对象大小(具有相对较高的默认值)?
More information 更多信息
- I can perfectly
aws s3 cpandaws s3api get-objectthe problematic objects.我可以完美地aws s3 cp和aws s3api get-object有问题的对象。 They just fail withaws s3 sync.他们只是因为aws s3 sync失败。 - In both accounts I have a user with
S3FullAccesspermissions在两个帐户中,我都有一个具有S3FullAccess权限的用户 I added the following bucket policy to src-bucket
我在src-bucket中添加了以下存储桶策略 { "Version": "2012-10-17", "Statement": [ { "Sid": "Example permissions", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::newaccountid:user/myadminuser" }, "Action": [ "s3:GetBucketLocation", "s3:ListBucket" ], "Resource": "arn:aws:s3:::src-bucket" }, { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::newaccountid:user/myadminuser" }, "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject" ], "Resource": "arn:aws:s3:::src-bucket/*" } ] }- I run
aws s3 syncas the newaccountid:user/myadminuser我以newaccountid的身份运行aws s3 sync:user / myadminuser
- I run
I can browse around src-bucket with the user from the new account and I can upload and download files just fine. 我可以从新帐户中与用户一起浏览src-bucket ,也可以上传和下载文件。 Running the initially mentioned aws s3 sync command copies a few 100 objects from src-bucket to dst-bucket , but fails for some other hundrets of objects. 运行最初提到的aws s3 sync命令将几百个对象从src-bucket复制到dst-bucket ,但对于其他一些对象对象则失败。
I tried comparing the not-sync-able objects to those that I was able to sync successfully. 我尝试将无法同步的对象与能够成功同步的对象进行比较。 I did a aws s3api get-object-acl on many objects in src-bucket . 我对src-bucket许多对象做了aws s3api get-object-acl 。 Their ACLs all look the same, for successfully copied ones and copy-failed ones: 对于成功复制的ACL和复制失败的ACL,它们的ACL看起来都一样:
{
"Owner": {
"ID": "reallylongidihadbashcomparethemformetomakesuretheyareidentical"
},
"Grants": [
{
"Grantee": {
"Type": "CanonicalUser",
"ID": "reallylongidihadbashcomparethemformetomakesuretheyareidentical"
},
"Permission": "FULL_CONTROL"
}
]
}
On dst-bucket the really long id is a different one, but apart from that the ACLs look the same. 在dst-bucket ,真正的长ID是一个不同的ID,但除此之外,ACL看起来相同。
1 个解决方案
解决方案1
2 2018-05-02 11:41:45
No, there is no such thing. 不,没有这样的事情。 I was correlating the wrong things. 我把错误的事情联系起来。 Apparently s3 sync "depends" on being able to copy the objects' tags, as well as their data. 显然, s3 sync “取决于”能够复制对象的标签及其数据。 Reading objects' tags is a separate privilege from reading the objects data. 读取对象的标签是与读取对象数据不同的特权。 I was missing the s3:GetObjectTagging action when granting rights to my new user. 向新用户授予权限时,我缺少s3:GetObjectTagging操作。
Apparently "they" started splitting data into much smaller chunks at the same time they started using object tags. 显然,“他们”在开始使用对象标签的同时就开始将数据拆分成更小的块。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.