使用 Flysystem 的 AWS S3 在创建目录时“无法在位置写入文件...拒绝访问”
[英]AWS S3 with Flysystem "Unable to write file at location... AccessDenied" when creating directory
问题描述
I'm a bit stuck trying to create directory using Flysystem on AWS S3 - I keep getting AccessDenied response.
我在尝试使用 AWS S3 上的 Flysystem 创建目录时遇到了一些问题 - 我一直收到AccessDenied响应。 My bucket has all public access blocked , but bucket policy allows all actions on it to the user that sends the request:我的存储桶已blocked所有公共访问,但存储桶策略允许发送请求的用户对其执行所有操作:
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "AllowCloudFrontServicePrincipal",
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-local-bucket/*",
"Condition": {
"StringEquals": {
"AWS:SourceArn": "arn:aws:cloudfront::***:distribution/***"
}
}
},
{
"Sid": "2",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::***:user/local"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::my-local-bucket/*"
}
]
}
And my local user policy:还有我的local用户政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*",
"s3-object-lambda:*"
],
"Resource": "*"
}
]
}
I can upload files absolutely fine - it's just directories such as for instance images/blog etc. that I'm getting the League\Flysystem\UnableToWriteFile::atLocation exception thrown with the following error:我可以上传文件绝对没问题 - 它只是目录,例如images/blog等,我得到League\Flysystem\UnableToWriteFile::atLocation异常抛出以下错误:
Error executing "PutObject" on "https://s3.eu-west-2.amazonaws.com/my-local-bucket/images/blog/"; AWS HTTP error: Client error: `PUT https://s3.eu-west-2.amazonaws.com/my-local-bucket/images/blog/` resulted in a `403 Forbidden` response: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>***(truncated...) AccessDenied (client): Access Denied - <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>***</RequestId><HostId>***</HostId></Error>
Any idea what might be causing this?知道是什么原因造成的吗?
1 个解决方案
解决方案1
1 2023-01-26 13:26:02
After weeks of trying to find the answer I've found out that if I pass the visibility as private with configuration when creating the s3 driver then it does work as expected.经过数周的尝试寻找答案后,我发现如果我在创建 s3 驱动程序时通过配置将visibility作为private传递,那么它确实会按预期工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.