Access client's AWS S3 bucket

We are asked to upload a file to a client's S3 bucket; however, we do not have an AWS account (nor do we plan on getting one). What is the easiest way for the client to grant us access to their S3 bucket?

My recommendation would be for your client to create an IAM user for you that is used for the upload. Then, you will need to install the AWS CLI. On your client's side there will be a user whose only permission is to write to their bucket. This can be done pretty simply and will look something like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::the-bucket-name/*",
                "arn:aws:s3:::the-bucket-name"
            ]
        }
    ]
}

I have not thoroughly tested the above permissions!

Then, on your side, after you install the AWS CLI you need to have two files. They both live in the home directory of the user that runs your script. The first is $HOME/.aws/config. This has something like:

[default]
output=json
region=us-west-2

You will need to ask them what AWS region the bucket is in. Next is $HOME/.aws/credentials. This will contain something like:

[default]
aws_access_key_id=the-access-key
aws_secret_access_key=the-secret-key-they-give-you

They must give you the region, the access key, the secret key, and the bucket name. With all of this you can now run something like:

aws s3 cp local-file-name.ext s3://the-client-bucket/destination-file-name.ext

This will transfer the local file local-file-name.ext to the bucket the-client-bucket with the file name there of destination-file-name.ext. They may have a different path in the bucket.

To recap:

  1. Client creates an IAM user that has very limited permission. Only API permission is needed, not console.
  2. You install the AWS CLI.
  3. Client gives you the access key and secret key.
  4. You configure the machine that does the transfers with the credentials.
  5. You can now push files to the bucket.
  6. You do not need an AWS account to do this.
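
A check the client could run on the policy before issuing the keys, as an added example that is not part of the original answer: it reports anything broader than s3:PutObject on the one bucket. The function name audit_upload_policy and the over-broad sample policy are constructed for illustration.

```python
import json

ALLOWED_ACTIONS = {"s3:putobject"}  # IAM action names are case-insensitive

def _as_list(value):
    """IAM accepts either one string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def audit_upload_policy(policy_json, bucket):
    """Return findings for anything broader than PutObject on one bucket."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_prefix = bucket_arn + "/"
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants everything not listed")
        for action in _as_list(stmt.get("Action")):
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: action {action} is broader than upload-only")
        for res in _as_list(stmt.get("Resource")):
            if res == bucket_arn:
                findings.append(f"statement {i}: bucket ARN {res} is not needed for s3:PutObject")
            elif not res.startswith(object_prefix):
                findings.append(f"statement {i}: resource {res} reaches outside {bucket}")
    return findings

# The policy from the answer, compacted (bucket name is the answer's placeholder).
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0",
  "Effect": "Allow", "Action": ["s3:PutObject"],
  "Resource": ["arn:aws:s3:::the-bucket-name/*", "arn:aws:s3:::the-bucket-name"]}]}"""

# Constructed over-broad policy, for contrast.
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": {"Effect": "Allow",
  "Action": "s3:*", "Resource": "*"}}"""

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        for finding in audit_upload_policy(doc, "the-bucket-name"):
            print(f"{name}: {finding}")
```

Run against the answer's policy, it reports only the bucket-level ARN, which s3:PutObject (an object-level action) does not use.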

Notice: The technical posts on this site are licensed under CC BY-SA 4.0. If you repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.