How do I set up the Access Point Policy to allow my web server to access objects in S3 Bucket?
I've followed examples found on StackOverflow and elsewhere, but it's not working and I don't know what I'm doing wrong. Here's the policy code:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Principal": "*",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": ["arn:aws:s3:::bucketname/*"],
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "url1",
                        "url2"
                    ]
                }
            }
        }
    ]
}
But I get:
Ln 11, Col 16 Unsupported Resource ARN In Policy: The resource ARN is not supported
for the resource-based policy attached to resource type S3 Access Point.
What am I doing wrong?
The error message includes "S3 Access Point". If you are trying to attach that policy to an access point, it does not work. That policy is a valid bucket policy (which you must also set and must be the same as the access point resource policy).
Use the same policy for the access point but change the resource string as follows:
"Resource": "arn:aws:s3:<region>:<account>:accesspoint/<bucket>/object/*",
Btw, instead of a similar policy as the access point policy, the bucket policy can include a policy which delegates access control for the access point (see https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-policies.html#access-points-delegating-control).
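The Resource rewrite described in the answer, as an added example that is not part of the original question or answer: it reports which ARNs an access point policy would reject, rewrites bucket ARNs to access point ARNs, and flags statements that are open to any principal and gated only by `aws:Referer`, a header the client sets. The ARN patterns are simplified (standard `aws` partition only), the segment after `accesspoint/` is the access point's name, and the function names plus the region, account ID and access point name used with them are assumptions made for illustration.

```python
import copy
import re

# Simplified patterns (assumption: standard "aws" partition, 12-digit account ID).
AP_ARN = re.compile(r"^arn:aws:s3:[a-z0-9-]+:\d{12}:accesspoint/[a-z0-9-]+(/object/.+)?$")
BUCKET_ARN = re.compile(r"^arn:aws:s3:::([^/]+)(?:/(.+))?$")

# Constructed sample: the policy from the question, as a Python dict.
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Statement1", "Principal": "*", "Effect": "Allow",
    "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::bucketname/*"],
    "Condition": {"StringLike": {"aws:Referer": ["url1", "url2"]}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unsupported_resources(policy):
    """Resource ARNs that are not access point ARNs (the cause of the error above)."""
    return [arn for stmt in _as_list(policy["Statement"])
            for arn in _as_list(stmt.get("Resource", [])) if not AP_ARN.match(arn)]

def to_access_point_policy(bucket_policy, region, account, ap_name):
    """Copy a bucket policy, rewriting bucket ARNs to access point ARNs."""
    base = f"arn:aws:s3:{region}:{account}:accesspoint/{ap_name}"
    policy = copy.deepcopy(bucket_policy)  # leave the caller's policy untouched
    for stmt in _as_list(policy["Statement"]):
        rewritten = []
        for arn in _as_list(stmt.get("Resource", [])):
            m = BUCKET_ARN.match(arn)
            if not m:
                rewritten.append(arn)  # not a bucket ARN: keep as written
            elif m.group(2):
                rewritten.append(f"{base}/object/{m.group(2)}")  # object-level
            else:
                rewritten.append(base)  # bucket-level maps to the access point
        stmt["Resource"] = rewritten
    return policy

def referer_only_public(policy):
    """Sids of Allow statements for any principal whose only condition key is aws:Referer."""
    sids = []
    for stmt in _as_list(policy["Statement"]):
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if (stmt.get("Effect") == "Allow"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and keys == {"aws:referer"}):
            sids.append(stmt.get("Sid", "<no Sid>"))
    return sids
```
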