堆栈内存溢出
  简体   繁体   English

AWS S3 的 IAM 用户权限问题

[英]IAM User Permission issue with AWS S3

 原文  2022-06-27 07:00:19       amazon-web-services/ amazon-s3/ amazon-iam

问题描述

I am having an issue with a user that has been unable to access the bucket from last week on Using aws console, and the error messages are as follows:我在使用 aws 控制台时遇到了一个用户从上周以来无法访问存储桶的问题,错误消息如下:

"Insufficient permissions to list objects "You don't have permissions to list buckets After you or your AWS administrator have updated your permissions to allow the s3:ListAllMyBuckets action, refresh this page. “列出对象的权限不足”您没有列出存储桶的权限 在您或您的 AWS 管理员更新您的权限以允许 s3:ListAllMyBuckets 操作后,刷新此页面。 Learn more about Identity and access management in Amazon S3"详细了解 Amazon S3 中的身份和访问管理”

The user have the permission for: abc-ftp ,listBuckets, and cloudfront_admin_policy access用户具有以下权限:abc-ftp、listBuckets 和 cloudfront_admin_policy 访问

Attach policy from group : cloudfront_admin_policy and abc-ftp.从组附加策略:cloudfront_admin_policy 和 abc-ftp。 Attach directly policy : listBuckets直接附加策略:listBuckets

Policy status Limited: List, Read Policy listBuckets:策略状态受限:列表、读取策略列表桶:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "*"
        }
    ]
}

Cloud front admin policy云前端管理策略

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::cloudfront.abc.com"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::cloudfront.abc.com/*"
            ]
        }
    ]
}

An Athena query against the user :针对用户的 Athena 查询:

在此处输入图像描述

在此处输入图像描述

If you know anything, I'd be happy to let you know.如果你知道什么,我很乐意让你知道。

Thank you!谢谢!

1 个解决方案

解决方案1
 -1  2022-06-27 07:39:20

This resolution assumes that the GetObject and PutObject calls are already granted to the AWS Identity Access Management (IAM) user or role.此解决方案假定 GetObject 和 PutObject 调用已授予 AWS Identity Access Management (IAM) 用户或角色。 This resolution addresses how to resolve the Access Denied error caused by improper ListBucket permissions or using incorrect sync command syntax with Requester Pays.此解决方案解决了如何解决由于 ListBucket 权限不正确或对请求者付款使用不正确的同步命令语法而导致的访问被拒绝错误。

Once check the below aws documentation.检查以下 aws 文档。 I hope this helps :)我希望这有帮助 :)

https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-listobjects-sync/ https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-listobjects-sync/

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 授予 IAM 用户访问 AWS S3 中存储桶特定文件夹的权限 - Giving an IAM user, permission to a specific folder of a bucket in AWS S3 AWS IAM用户对S3的访问 - AWS IAM User Access to S3 AWS IAM GroupPolicy-为什么s3:PutObject权限不起作用? - AWS IAM GroupPolicy - Why is the s3:PutObject permission not working? IAM 用户 S3 权限和 S3 中的 Bucket 权限哪个先执行? - IAM User S3 permission and Bucket permission in S3 which one will execute first? AWS IAM 角色权限问题 - AWS IAM Role permission issue AWS Data Pipeline:IAM 角色的 S3 访问权限问题 - AWS Data Pipeline: Issue with permissions S3 Access for IAM role 限制每个IAM用户的S3数据大小的AWS策略 - AWS policy to limit S3 data size per IAM user AWS S3 IAM用户无法访问存储桶 - AWS S3 IAM user can't access bucket AWS S3 IAM用户vs签名URL - aws s3 iam user vs signed urls AWS S3-如何将IAM用户限制为一个存储桶? - AWS S3 - How to restrict an IAM user to just a single bucket?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM