[英]Boto3 S3 error - AccessDenied when calling the PutObjectAcl
Trying to generate a publicly-accessible URL for a file that was uploaded into an S3 bucket using the following code:尝试使用以下代码为上传到 S3 存储桶的文件生成可公开访问的 URL:
client = boto3.client('s3', config=botocore.client.Config(signature_version=botocore.UNSIGNED))
client.put_object_acl(Bucket="my-bucket", Key=filename, ACL='public-read')
throws the exception:抛出异常:
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObjectAcl operation: Access Denied
My S3 bucket has the following policy:我的 S3 存储桶具有以下策略:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::my-bucket/*",
"Condition": {}
}
]
}
Any tips would be most welcome!任何提示将是最受欢迎的! Thanks
谢谢
Pay attention that you also need to adjust KMS key access:注意你还需要调整KMS密钥访问:
https://aws.amazon.com/premiumsupport/knowledge-center/copy-s3-objects-account/ https://aws.amazon.com/premiumsupport/knowledge-center/copy-s3-objects-account/
Important: If your S3 bucket has default encryption with AWS Key Management Service (AWS KMS) enabled, then you must also modify the AWS KMS key permissions.
重要提示:如果您的 S3 存储桶启用了 AWS Key Management Service (AWS KMS) 的默认加密,则您还必须修改 AWS KMS 密钥权限。 For instructions, see My Amazon S3 bucket has default encryption using a custom AWS KMS key.
有关说明,请参阅我的 Amazon S3 存储桶使用自定义 AWS KMS 密钥进行默认加密。 How can I allow users to download from and upload to the bucket?
如何允许用户从存储桶下载和上传到存储桶?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.