[英]Grant access to an S3 bucket for a specific user only, no public access
我正在尝试配置一个 S3 存储桶,以便它只能供特定用户访问,而不是公众。
我创建了一个名为 s3-injury-log 的用户和以下存储桶策略
{
"Id": "Policy1542998309644",
"Version": "2012-10-17",
"Statement": [{
"Sid": "Stmt1542998308012",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::injury-log",
"Principal": {
"AWS": ["arn:aws:iam::058842494618:user/s3-injury-log"]
}
}]
}
我的“阻止所有公共访问”选项卡如下
Block all public access - Off
Block public access to buckets and objects granted through new access control lists (ACLs) - On
Block public access to buckets and objects granted through any access control lists (ACLs) - On
Block public access to buckets and objects granted through new public bucket policies - Off
Block public and cross-account access to buckets and objects through any public bucket policies - Off
但是当试图将一个对象放入桶中时(使用 aws java libs)我收到以下错误消息
Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: CC71A7EFAFC9BBDB; S3 Extended Request ID: klrwopIIJK3PsJzEw
知道我做错了什么吗?
看起来您的策略不正确,它只允许存储桶级别的操作。 因此 PutObject 操作被拒绝,这是对象级别的。
只需更新您的策略以允许对象级操作:
{
"Id": "Policy1542998309644",
"Version": "2012-10-17",
"Statement": [{
"Sid": "Stmt1542998308012",
"Action": "s3:*",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::injury-log",
"arn:aws:s3:::injury-log/*"
]
"Principal": {
"AWS": ["arn:aws:iam::058842494618:user/s3-injury-log"]
}
}]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.