
Unable to create access key for AWS S3 data transfer

I recently started using an AWS S3 bucket and am facing some issues, as I would like to transfer the files from the S3 bucket to another server using Boto in Python.

When I tried creating an access key and secret key for API access, I got an error that I do not have the permissions to create an access key.

I am trying to change the policy as shown below but am getting an error:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::s3-sample/*"
        },
        {
            "Sid": "ViewAndUpdateAccessKeys",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "iam:UpdateAccessKey",
                "iam:CreateAccessKey",
                "iam:ListAccessKeys"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        }
        
    ]
}

This leads to the following error:

Policy has invalid action

Can someone point to how to set the policy correctly so that it would enable creation of API access keys as well as transfer of files to another server?

Thank you.

IAM identity-based policies don't have principals. The principal will be deduced automatically when you attach the policy to an IAM user, role or group.

However, it seems to me that you are creating bucket policies, which have the principal. However, bucket policies do not apply to iam:* permissions. This would explain your error.

Therefore, I think you should leave your bucket policy in its original state:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::s3-sample/*"
        }        
    ]
}

and create an IAM customer managed policy which you can attach to the IAM user who requires it:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ViewAndUpdateAccessKeys",
            "Effect": "Allow",
            "Action": [
                "iam:UpdateAccessKey",
                "iam:CreateAccessKey",
                "iam:ListAccessKeys"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        }
    ]
}
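
An offline check for the two mistakes described in the answer (IAM actions in a bucket policy, `Principal` in an identity-based policy), added here as an example that is not part of the original question or answer. It also flags policy variables such as `${aws:username}` used under a `Version` other than `2012-10-17`, where they are treated as literal text. `lint_policy` and the constant names are hypothetical; the code only inspects the JSON and makes no AWS calls.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(policy, kind):
    """Return findings for a policy dict; kind is "bucket" or "identity"."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        has_principal = "Principal" in stmt or "NotPrincipal" in stmt
        if kind == "identity" and has_principal:
            findings.append(f"{sid}: identity-based policy must not contain Principal")
        if kind == "bucket":
            if not has_principal:
                findings.append(f"{sid}: bucket policy statement needs a Principal")
            for action in _as_list(stmt.get("Action", [])):
                if action != "*" and not action.lower().startswith("s3:"):
                    findings.append(f"{sid}: {action} is not an S3 action")
        # Policy variables are only expanded under Version 2012-10-17;
        # older versions treat ${...} as a literal string.
        if "${" in json.dumps(stmt) and policy.get("Version") != "2012-10-17":
            findings.append(f"{sid}: policy variable requires Version 2012-10-17")
    return findings

# Statements copied from the question and the answer above.
PUBLIC_READ = {"Sid": "AllowPublicRead", "Effect": "Allow",
               "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
               "Resource": "arn:aws:s3:::s3-sample/*"}
KEYS_STMT = {"Sid": "ViewAndUpdateAccessKeys", "Effect": "Allow",
             "Action": ["iam:UpdateAccessKey", "iam:CreateAccessKey",
                        "iam:ListAccessKeys"],
             "Resource": "arn:aws:iam::*:user/${aws:username}"}

QUESTION_BUCKET_POLICY = {"Version": "2008-10-17", "Statement": [
    PUBLIC_READ, {**KEYS_STMT, "Principal": {"AWS": "*"}}]}
ANSWER_BUCKET_POLICY = {"Version": "2008-10-17", "Statement": [PUBLIC_READ]}
ANSWER_IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [KEYS_STMT]}

if __name__ == "__main__":
    for name, policy, kind in [
            ("question (bucket)", QUESTION_BUCKET_POLICY, "bucket"),
            ("answer (bucket)", ANSWER_BUCKET_POLICY, "bucket"),
            ("answer (identity)", ANSWER_IDENTITY_POLICY, "identity")]:
        print(name, lint_policy(policy, kind) or "OK")
```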
