[英]How can i download a local copy of an S3 snapshot of an AWS Postgres DB?
There is a snapshot in S3 of a Postgres DB, but the download button is grayed out... if i navigate to each file in each table, i am able to download the .gz.parquet
files individually, but that is crazy.在 Postgres 数据库的 S3 中有一个快照,但下载按钮是灰色的……如果我导航到每个表中的每个文件,我可以单独下载.gz.parquet
文件,但这太疯狂了。
So I installed the aws
cli, configured a default user , tried to run aws s3 cp s3://<your-bucket-name>/<your-snapshot-name> <local-path>
but always get:所以我安装了aws
cli, 配置了一个默认用户,尝试运行aws s3 cp s3://<your-bucket-name>/<your-snapshot-name> <local-path>
但总是得到:
fatal error: An error occurred (404) when calling the HeadObject operation: Key <your-snapshot-name> does not exist
But it does exist, and I can see it in the aws website and see the root folder if i run aws s3 ls
.但它确实存在,如果我运行aws s3 ls
,我可以在 aws 网站上看到它并看到根文件夹。
So i tried aws s3 cp --recursive s3://<your-bucket-name>/<your-snapshot-name> <local-path>
and it goes through all the folders, copies them to my computer, but theyre all empty folders, and i get the following error for every folder its going through:所以我尝试aws s3 cp --recursive s3://<your-bucket-name>/<your-snapshot-name> <local-path>
它遍历所有文件夹,将它们复制到我的电脑,但它们都是空文件夹,对于它经过的每个文件夹,我都会收到以下错误:
An error occurred (AccessDenied) when calling the GetObject operation: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access.
The permissions I'm using are a generic (what i thought was) all access to S3:我使用的权限是对 S3 的通用(我认为是)所有访问权限:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*",
"s3-object-lambda:*"
],
"Resource": "*"
}
]
}
Plus two from here :再加上两个来自这里:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::snapshots"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::snapshots/*"
]
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::snapshots"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::snapshots/*"
]
}
]
}
What am I missing here?我在这里错过了什么?
The first error you are experiencing is probably because the aws s3 cp
command works on objects, not directories.您遇到的第一个错误可能是因为aws s3 cp
命令适用于对象,而不适用于目录。 A good way to copy a whole directory (including subdirectories) is to use aws s3 sync
.复制整个目录(包括子目录)的一个好方法是使用aws s3 sync
。
The second error mentions "customer master key".第二个错误提到“客户主密钥”。 This is probably referring to a KMS key that was used to encrypt the file when it was created by Amazon RDS.这可能指的是在 Amazon RDS 创建文件时用于加密文件的 KMS 密钥。 Try giving yourself kms:*
permissions (although you probably only need kms:Decrypt
) and it should be able to read the file.尝试给自己kms:*
权限(尽管您可能只需要kms:Decrypt
),它应该能够读取文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.