如何设置访问点策略以允许我的 web 服务器访问 S3 存储桶中的对象:
[英]How do I set up the Access Point Policy to allow my web server to access objects in S3 Bucket:
问题描述
I've followed examples found on StackOverflow and elsewhere, but it's not working and I don't know what I'm doing wrong.
我遵循了在 StackOverflow 和其他地方找到的示例,但它不起作用,我不知道我做错了什么。 Here's the policy code:这是策略代码:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Principal": "*",
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": ["arn:aws:s3:::bucketname/*"],
"Condition": {
"StringLike": {
"aws:Referer": [
"url1",
"url2"
]
}
}
}
]
}
But I get:但我得到:
Ln 11, Col 16 Unsupported Resource ARN In Policy: The resource ARN is not supported
for the resource-based policy attached to resource type S3 Access Point.
What am I doing wrong?我究竟做错了什么?
1 个解决方案
解决方案1
1 已采纳 2023-01-14 09:23:23
Error message includes "S3 Access Point".错误消息包括“S3 访问点”。 If you are trying to attach that policy to Access point, it does not work.如果您尝试将该策略附加到接入点,则它不起作用。 That policy is a valid bucket policy (which you must also set and must be same as access point resource policy).该策略是有效的存储桶策略(您还必须设置它并且必须与访问点资源策略相同)。
Use same policy for access point but change the resource string as follows:对访问点使用相同的策略,但按如下方式更改资源字符串:
"Resource": "arn:aws:s3:<region>:<account>:accesspoint/<bucket>/object/*",
Btw, instead of similar policy as access point policy, bucket policy can include a policy which delegates access control for access point: see https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-policies.html#access-points-delegating-control )顺便说一句,与访问点策略类似的策略不同,存储桶策略可以包括一个委托访问点访问控制的策略:参见https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-policies。 html#access-points-delegating-control )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.