堆栈内存溢出
  简体   繁体   English

S3 存储桶策略上的 AWS 根用户权限被拒绝

[英]AWS Root User Permission Denied on S3 Bucket policy

 原文  2020-11-09 02:33:54       amazon-web-services/ amazon-s3/ permission-denied

问题描述

I created a new bucket on AWS S3 from the web wizard.我通过 Web 向导在 AWS S3 上创建了一个新存储桶。 I was logged in as root user我以 root 用户身份登录

I am attempting to add a Bucket policy as follows我正在尝试按如下方式添加Bucket policy

{
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AddPerm",
        "Effect": "Allow",
        "Principal": "*",
        "Action": [
            "s3:GetObject"
        ],
        "Resource": [
            "arn:aws:s3:::<my-bucket-name-is-here>/*"
        ]
    }]
}

I get permission denied in both the web editor and the CLI我在 Web 编辑器和 CLI 中都被拒绝了权限

Web tool网络工具aws 管理面板错误模式

CLI An error occurred (AccessDenied) when calling the PutBucketPolicy operation: Access Denied CLI An error occurred (AccessDenied) when calling the PutBucketPolicy operation: Access Denied

In the IAM settings, the root user has full access在 IAM 设置中,root 用户具有完全访问权限

    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]

I added我加了

        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }

I also tried adding我也尝试添加

        {
            "Sid": "ModifyBucketPolicy",
            "Action": [
                "s3:GetBucketPolicy",
                "s3:PutBucketPolicy"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::<MY-BUCKET-NAME>*"
        },

I still don't have permissions我还是没有权限

1 个解决方案

解决方案1
 6 已采纳  2020-11-10 22:13:05

Thanks to @JohnRotenstein I see that because I accepted the default "Block All Public Access" from AWS I was unable to edit the bucket policy.感谢@JohnRotenstein,我看到因为我接受了 AWS 的默认“阻止所有公共访问”,所以我无法编辑存储桶策略。 This makes sense, since the bucket policy can also control access and could thus conflict.这是有道理的,因为存储桶策略也可以控制访问,因此可能会发生冲突。

However, the error message is confusing since it makes no mention of the fact that it is the Block public access (bucket settings) that prevented updating.但是,错误消息令人困惑,因为它没有提到阻止更新的是Block public access (bucket settings)事实。 The error message stating access denied / you don't have permissions made me think it was the IAM settings on my user that were preventing me from modifying the resource.说明access denied / you don't have permissions的错误消息让我认为是我的用户的 IAM 设置阻止了我修改资源。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用 root 用户(= 存储桶所有者)将存储桶策略放在 aws s3 存储桶上时访问被拒绝 - Access denied when put bucket policy on aws s3 bucket with root user (= bucket owner) 即使使用存储桶和/或用户策略,AWS s3存储桶上的访问也被拒绝 - Access denied on AWS s3 bucket even with bucket and/or user policy 更改root用户的存储桶策略时,aws s3访问被拒绝 - aws s3 access denied when changing bucket policy for root user 对S3存储桶的IAM策略的权限被拒绝 - Permission denied for IAM policy to S3 bucket AWS S3:特定存储桶的用户策略 - AWS S3: user policy for specifc bucket 适用于联合用户的AWS S3存储桶策略 - AWS S3 bucket policy to for federated user AWS S3 存储桶策略编辑器访问被拒绝 - AWS S3 Bucket policy editor access denied AWS S3存储桶策略引发访问被拒绝错误 - AWS S3 Bucket Policy throws Access Denied Error 如何使用 IAM 策略 AWS 仅向根账户用户授予对 S3 存储桶的访问权限? - How to grant access only to the Root Account User for an S3 bucket with IAM Policy AWS? 在未设置权限的情况下对AWS S3存储桶访问被拒绝 - Access Denied on AWS S3 bucket with no permission set up
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM