[英]Boto3 uploading to s3 bucket
我想将一个由 lambda 创建的字符串添加到我的 s3 存储桶上的现有文本文件中。
当我使用:
s3.Object('My_bucket', 'textfile.txt').put(Body=missingtagginginfo)
missingtagginginfo = 我创建的变量 textfile.txt = 存在于 s3 存储桶中的文本文件
我收到以下错误:
"errorMessage": "An error occurred (AccessDenied) when calling the PutObject operation: Access Denied",
"errorType": "ClientError",
我已经给了 lambda s3fullAccess。
有谁知道我该如何解决这个问题?
问候
您的策略必须包含s3:PutObject
才能上传对象。
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::your-bucket/",
"arn:aws:s3:::your-bucket/*"
]
}
请不要添加通配符权限 ( s3:*
) 或通配符资源 ( "Resource": [ "*" ]
),因为它们会给错误和漏洞带来巨大的潜力。 AWS 策略生成器可以帮助您解决这个问题。
IAM 政策如下所示:
"Resource": "arn:aws:s3:::MYBUCKET/*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucketMultipartUploads",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Resource": [
"arn:aws:s3:::MYBUCKET/",
"arn:aws:s3:::MYBUCKET/*"
]
},
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "*"
}
写入您的存储桶策略
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "Allow-OAI-Access-To-Bucket",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::Your-Bucket-Name/*"
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.