如何创建 AWS 访问点策略,而不会收到“错误策略具有无效资源”?
[英]How do I create an AWS Access Point Policy, without getting "Error Policy has invalid resource"?
问题描述
Using
使用
$ aws s3 mb s3://freds-321-pizza
make_bucket: freds-321-pizza
to successfully create a bucket.成功创建存储桶。 Using AWS Console使用 AWS 控制台
- create access point, name - freds-access-point创建访问点,名称 - freds-access-point
- check inte.net box检查互联网框
- "block all public access" - tried with this on and off “阻止所有公共访问” - 尝试打开和关闭
- ARN - created [arn:aws:s3:us-east-1:************:accesspoint/freds-access-point ARN - 创建 [arn:aws:s3:us-east-1:************:accesspoint/freds-access-point
- Submit "Create Access Point"提交“创建接入点”
- Successfully created access point: freds-access-point成功创建访问点:freds-access-point
Go back into Access Point and Edit Policy, as follows; Go 回到Access Point 并编辑Policy,如下;
{
"Version": "2012-10-17",
"Statement": [
{
"Action": ["s3:GetObject","s3:PutObject"],
"Effect": "Allow",
"Principal": {"AWS": ["*"]},
"Resource": ["arn:aws:s3:::freds-321-pizza/*"]
}
]
}
Getting "Error Policy has invalid resource" , please help?获取“错误策略具有无效资源” ,请帮忙?
Note: AWS CLI;注意:AWS CLI; --doesn't work --不起作用
aws s3control get-access-point --name freds-access-point --account-id ************
Will update when I find the right command.当我找到正确的命令时会更新。
1 个解决方案
解决方案1
1 2022-10-12 14:55:10
This is beacause you're giving the S3 Bucket ARN, not the actual resources you want to attach to the policy.这是因为您提供的是 S3 存储桶 ARN,而不是您要附加到策略的实际资源。 Objects within the S3 are the actual resources you look for. S3 中的对象是您要查找的实际资源。
Your Resource should look something like this:您的资源应如下所示:
"Resource": "arn:aws:s3:zone:account_ID:accesspoint/access-point-name/object/*"
/object/ /目的/
Hope this was helpful!希望这对您有所帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.