I have an S3 bucket that works perfectly with root credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to upload files to the bucket.
I have created an IAM user.
I tried to give this IAM user the privilege of uploading files to this bucket by creating this policy and attaching it to that bucket:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement2",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::122xxxxxxxx28:user/iam-user-name"
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::bucket-name"
    }
  ]
}
However, when I try to upload a file, I get this error:
This is how the upload works:
I generate a presigned-url in the backend:
var getImageSignedUrl = async function (key) {
  return new Promise((resolve, reject) => {
    s3.getSignedUrl(
      "putObject",
      {
        Bucket: AWS_BUCKET_NAME,
        Key: key,
        ContentType: "image/*",
        ACL: "public-read",
        Expires: 300,
      },
      (err, url) => {
        if (err) {
          reject(err);
        } else {
          resolve(url);
        }
      }
    );
  });
};
Then the file is uploaded in the frontend using that url:
await axios.put(uploadConfig.url, file, {
  headers: {
    "Content-Type": file.type,
    "x-amz-acl": "public-read",
  },
  transformRequest: (data, headers) => {
    delete headers.common["Authorization"];
    return data;
  },
});
You may need to replace:
"Resource": "arn:aws:s3:::bucket-name"
With:
"Resource": ["arn:aws:s3:::bucket-name","arn:aws:s3:::bucket-name/*"]
Actions like S3:PutObject apply to specific objects in the bucket like: bucket-name/image_1.png, so adding a wildcard resource enables access to those object operations.
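The difference between the two Resource values in the answer above, shown as an added example that is not part of the original question or answer: a simplified Action/Resource matcher run against the original and the corrected statement. It ignores Principal, Condition and explicit Deny, and the object key `uploads/image_1.png` and the helper names are constructed for illustration.

```javascript
// Added illustration: simplified IAM-style matching of Action and Resource.
// Ignores Principal, Condition and explicit Deny; not a full policy evaluator.
const toArray = (v) => (Array.isArray(v) ? v : [v]);

// IAM wildcards: "*" matches any run of characters (including "/"), "?" one character.
function globToRegExp(glob, flags) {
  const escaped = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", flags);
}

function policyAllows(policy, action, resourceArn) {
  return toArray(policy.Statement).some(
    (s) =>
      s.Effect === "Allow" &&
      // Action names are matched case-insensitively; resource ARNs are not.
      toArray(s.Action).some((a) => globToRegExp(a, "i").test(action)) &&
      toArray(s.Resource).some((r) => globToRegExp(r).test(resourceArn))
  );
}

// Same statement as in the question (Principal omitted, since it is not evaluated here).
const makePolicy = (resource) => ({
  Version: "2012-10-17",
  Statement: [{ Sid: "Statement2", Effect: "Allow", Action: "s3:*", Resource: resource }],
});

const original = makePolicy("arn:aws:s3:::bucket-name");
const corrected = makePolicy(["arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*"]);

// Constructed requests. A PUT that sets x-amz-acl needs s3:PutObjectAcl as well as s3:PutObject.
const requests = [
  ["s3:ListBucket", "arn:aws:s3:::bucket-name"],
  ["s3:PutObject", "arn:aws:s3:::bucket-name/uploads/image_1.png"],
  ["s3:PutObjectAcl", "arn:aws:s3:::bucket-name/uploads/image_1.png"],
];

// Returns one row per request showing the decision under each policy.
function compare() {
  return requests.map(([action, arn]) => ({
    action,
    arn,
    original: policyAllows(original, action, arn),
    corrected: policyAllows(corrected, action, arn),
  }));
}

console.table(compare());
```

With the bucket-only ARN, the bucket-level call matches but both object-level calls made by the presigned upload do not; adding `bucket-name/*` covers them without extending to other buckets.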