堆栈内存溢出
  简体   繁体   English

通过 AWS 控制台访问根帐户时,使用 CloudFront 403 错误上传的文件

[英]Files uploaded with CloudFront 403 error when access Root account via AWS Console

 原文  2019-10-22 18:01:15       amazon-web-services/ amazon-s3/ amazon-cloudfront

问题描述

Uploading files through CloudFront to s3 bucket via a CloudFront Origin Access Identity runs successfully, however properties of the uploaded files are unable to be modified and some meta-data is unable to be accessed by the root user of my AWS account.通过 CloudFront 原始访问身份通过 CloudFront 将文件上传到 s3 存储桶成功运行,但是上传文件的属性无法修改,并且我的 AWS 账户的根用户无法访问某些元数据。 I am able to get the files through the CloudFront endpoint, however I do not understand why I am not able to modify or access some fields of the uploaded files through my AWS root account via the AWS Management Console.我能够通过 CloudFront 端点获取文件,但是我不明白为什么我无法通过 AWS 管理控制台通过我的 AWS 根账户修改或访问上传文件的某些字段。

The default ACL in the s3 bucket is for the root user account as can be seen below: s3 存储桶中的默认 ACL 用于 root 用户帐户,如下所示:

AWS s3 ACL 选项卡

I added in a second policy to my bucket just to ensure that the root user has explicit access to the files.我在我的存储桶中添加了第二个策略,只是为了确保 root 用户具有对文件的显式访问权限。 The full bucket policy can be seen below:完整的存储桶策略如下所示:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 00000000000000"
                ]
            },
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket/stuff/",
                "arn:aws:s3:::my-bucket/stuff/*",
                "arn:aws:s3:::my-bucket/other-stuff/",
                "arn:aws:s3:::my-bucket/other-stuff/*"
            ]
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::000000000000:root"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::my-bucket/stuff/",
                "arn:aws:s3:::my-bucket/stuff/*",
                "arn:aws:s3:::my-bucket/other-stuff/",
                "arn:aws:s3:::my-bucket/other-stuff/*"
            ]
        }
    ]
}

When I view a file that I have uploaded through CloudFront I am receiving a Access Denied for numerous options on the file overview tab:当我查看通过 CloudFront 上传的文件时,我在文件概览选项卡上收到许多选项的拒绝访问:

AWS S3 存储桶文件概览选项卡

I am also receiving more Access Denied from the file properties tab on the same file:我还从同一文件的文件属性选项卡中收到更多拒绝访问: AWS S3 存储桶文件属性选项卡

1 个解决方案

解决方案1
 3 已采纳  2019-10-23 03:54:25

You need to pass ACL "Bucket-owner-full-control" with the PUT/POST call you're making with CloudFront link and also modify the Bucket policy for CloudFront to allow you PutobjectACL.您需要通过使用 CloudFront 链接进行的 PUT/POST 调用传递 ACL “Bucket-owner-full-control” ,还需要修改 CloudFront 的存储桶策略以允许您使用 PutobjectACL。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 访问另一个帐户上传的文件时,Cloudfront 403错误 - Cloudfront 403 error while accessing files uploaded by another account 我的亚马逊教育账户的 CloudFront AWS 出现 403 错误 - 403 error in CloudFront AWS for my amazon educate account 具有签名URL的AWS CloudFront:403访问被拒绝 - AWS CloudFront with Signed URL: 403 Access Denied 如何通过 AWS Organizations 创建的根账户进行新访问? - How to access newly, via AWS Organizations created root account? AWS Route 53 与 Cloudfront 集成错误 (403) - AWS Route 53 integration with Cloudfront error (403) 启用MFA时转移AWS Root帐户访问权限 - Transferring AWS Root Account access when MFA is enabled AWS Cloudfront 黑名单,通过 VPN 访问 - AWS Cloudfront blacklist, access via VPN AWS上是否允许使用正文获取请求? 来自CloudFront的403错误 - Are Get request with body allowed on AWS? 403 error from CloudFront 加载 AWS CloudFront 文件时出现 403(禁止) - Getting 403 (Forbidden) when loading AWS CloudFront file 为什么 AWS Cloudfront 使用签名 URL 会出现 403 错误 - Why does AWS Cloudfront have a 403 error using Signed Urls
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM