[英]Amazon S3 upload failed - access denied
I am trying to upload files via AWS Amplify to an existing s3 bucket. 我正在尝试通过AWS Amplify将文件上传到现有的s3存储桶。
I am not using use AWS MobileHub . 我没有使用AWS MobileHub 。
I created new Identity Pool according to this guide and in the end this is my policy for this role: 我根据此指南创建了新的身份池,最后这是我担任该角色的政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:*",
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Resource": "*"
}
]
}
In my code, I configured Amplify as follows: 在我的代码中,我将Amplify配置如下:
Amplify.configure({
'aws_cognito_identity_pool_id': 'us-east-2:f37baa...',
'aws_cognito_region': 'us-east-2',
'aws_user_files_s3_bucket': 'demo',
'aws_user_files_s3_bucket_region': 'us-east-1',
});
And I am getting the error: 而且我得到了错误:
Error: Access Denied
at Request.extractError (s3.js:580)
at Request.callListeners (aws-sdk-core-react-native.js:3610)
at Request.emit (aws-sdk-core-react-native.js:3582)
at Request.emit (aws-sdk-core-react-native.js:7723)
at Request.transition (aws-sdk-core-react-native.js:7062)
at AcceptorStateMachine.runTo (aws-sdk-core-react-native.js:7867)
at aws-sdk-core-react-native.js:7879
at Request.<anonymous> (aws-sdk-core-react-native.js:7078)
at Request.<anonymous> (aws-sdk-core-react-native.js:7725)
at Request.callListeners (aws-sdk-core-react-native.js:3620)
UPDATE UPDATE
import Amplify from 'aws-amplify';
import { Storage } from 'aws-amplify';
Amplify.configure({
'aws_cognito_identity_pool_id': 'us-east-2:f37...',
'aws_cognito_region': 'us-east-2',
'aws_user_files_s3_bucket': 'demo',
'aws_user_files_s3_bucket_region': 'us-east-1',
});
export default class App extends Component<Props> {
...
uploadImage = async uri => {
const fileName = 'example.jpg';
await Storage.put(fileName, blob, {
contentType: 'image/jpeg',
level: 'public'
}).then(data => console.log(data))
.catch(err => console.log(err))
This is the whole code, and I just didn't add a file to get but it works for sure. 这就是整个代码,我只是没有添加要获取的文件,但是可以肯定地工作。 When I use mobile hub
aws-exports.js
, I can upload the files, but MobileHub creates some bucketsm and my use-case involves using my existing bucket. 当我使用移动中心
aws-exports.js
,可以上传文件,但是MobileHub创建了一些bucketsm,而我的用例涉及使用现有的bucket。
So if I understand well, your code is trying to access existing S3 buckets, not the one created by Amplify / Mobile Hub? 因此,如果我很好理解,您的代码正在尝试访问现有的S3存储桶,而不是Amplify / Mobile Hub创建的存储桶?
If I am correct, you'll need to update the Cognito policies to grant access to your users to the existing S3 Bucket. 如果我是对的,则需要更新Cognito策略,以向用户授予对现有S3存储桶的访问权限。
In IAM -> Roles
console, you will find two roles created by Amplify. 在
IAM -> Roles
控制台中,您将找到由Amplify创建的两个角色。 Role names are YOUR_PROJECT____DATE_TAG___[un]authrole
For example in my console : photoalbums-20190202155011-unauthRole
and photoalbums-20190202155011-authRole
角色名称是
YOUR_PROJECT____DATE_TAG___[un]authrole
例如在我的控制台中: photoalbums-20190202155011-unauthRole
和photoalbums-20190202155011-authRole
Depending if you want to grant access to authenticated users or unauthenticated users, modify the appropriate role, or both roles if you want both authenticated and unauthenticated user to have access to S3. 根据您是否要向已认证用户或未认证用户授予访问权限,请修改相应的角色,或者如果您希望已认证和未认证用户都有权访问S3,则修改两个角色。
Adding the S3 managed policy AmazonS3ReadOnlyAccess
will grant your user a read only access to your bucket. 添加S3托管策略
AmazonS3ReadOnlyAccess
将为您的用户授予对存储桶的只读访问权限。 (Please do not add AmazonS3FullAccess
or s3:*
as it will give your user to create and delete buckets and objects on your account) (请不要添加
AmazonS3FullAccess
或s3:*
因为它将使您的用户在您的帐户上创建和删除存储桶和对象)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.