stackoom
  简体   繁体   中英

AWS EC2 IAM role access denied on S3

 原文  2016-01-04 07:16:58       amazon-web-services/ amazon-s3/ amazon-ec2/ amazon-iam

Question

I have launched an EC2 instance with IAM role "webapp". role is attached and i can confirm it using

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/webapp
{
  "Code" : "Success",
  "LastUpdated" : "2016-01-04T06:44:50Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "xxx",
  "SecretAccessKey" : "xxx",
  "Token" : "xxx",
  "Expiration" : "2016-01-04T12:46:27Z"
}

webapp Role has an attached policy for S3 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}

But I am unable to access objects on S3. I am using aws-php-sdk

require_once 'vendor/autoload.php';
use Aws\S3\S3Client;

$client = S3Client::factory(array('region'  => 'us-west-2','version'=>'2006-03-01'));
  $result = $client->getObject(array(
    'Bucket' => 'test-bkt88767',
    'Key'    => "file.txt",
  ));
echo $result['Body'] . "\n";

I am getting a 403 forbidden

PHP Fatal error:  Uncaught exception 'Aws\S3\Exception\S3Exception' with message 'Error executing "GetObject" on "https://s3-us-west-2.amazonaws.com/test-bkt88767/file.txt"; AWS HTTP error: Client error: `GET https://s3-us-west-2.amazonaws.com/test-bkt88767/file.txt` resulted in a `403 Forbidden` response:
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>995F9A (truncated...)
 AccessDenied (client): Access Denied - <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>995F9AC51CC2164F</RequestId><HostId>JPKyfP1LBLW5ky2wH9t2CEjHrKT0tI9zgyXHU/qcJWvBoOwhK7O0dzl1wCjjzV58UhKZVHXvFFg=</HostId></Error>'

do I need to change bucket permissions as well? or I am doing something wrong with the conf. of EC2?

2 answers

solution1
 0  2018-01-29 03:11:47

Check your webapp role in IAM, it should say something like this:

{
    "Action": [
        "s3:ListBucket"
    ],
    "Resource": "arn:aws:s3:::your_bucket",
    "Effect": "Allow"
},
{
    "Action": [
        "s3:GetObject"
    ],
    "Resource": "arn:aws:s3:::your_bucket/*",
    "Effect": "Allow"
}

IAM 角色

solution2
 0  2020-01-20 06:23:07

您能否检查是否为在 S3 存储桶上没有正确访问权限的任何用户配置了 AWS 密钥和访问 ID,或者您可以尝试使用另一个访问 s3 API,我有时会遇到同样的问题。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS IAM Role in EC2 and access to S3 from JupyterHub AWS EC2 access to S3 with IAM role AWS EC2 IAM role for S3 access not working Unable to access S3 file with IAM role from EC2 EC2 cannot access S3 object via IAM role AWS S3 Access Denied from EC2 and Lambda AWS EC2 Access Denied S3 Cross Account AWS S3 403 Access Denied from EC2 instance AWS: Mounting S3 bucket to EC2 via s3fs (iam role) executes but does not work Can't access S3 bucket using IAM Role from an EC2 instance
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM