[英]An error occurred (AccessDenied) when calling the PutObject operation: Access Denied but works on my system
[英]ValueError: the bucket does not exist, or is forbidden for access 'An error occurred (AccessDenied) when calling the CreateMultipartUpload
我正在使用 python 库smart_open
将文件(这将是大文件)从 python 脚本上传到 S3 存储桶
Bucket 具有使用 KMS 执行 SSE 的策略
{
"Version": "2012-10-17",
"Id": "PutObjPolicy",
"Statement": [
{
"Sid": "RequireKMSEncryption",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::n-test-kms-123456789/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "aws:kms"
}
}
}
]
}
我尝试使用以下方法打开要写入的文件:
from smart_open import open
--------
with open(
's3://' + BUCKET_NAME + '/robots.txt',
'w',
transport_params = {
'multipart_upload_kwargs': {
'ServerSideEncryption': 'aws:kms',
'SSEKMSKeyId': 'arn:aws:kms:us-east-2:1234567890:key/86fb3bf7-e9ef-4a93-bc64-35dcf1ca3c8d'
},
'client': boto3.client('s3')
}
) as json_file:
我一直有错误:
ValueError: bucket 'n-test-kms-123456789' 不存在,或禁止访问
用户及其 IAM 角色对该 S3 存储桶(包括CreateMultipartUpload
)具有完全权限 - 似乎整个问题仅限于正确传递'ServerSideEncryption': 'aws:kms'
到transport_params
我做错了什么?
with open(
's3://' + BUCKET_NAME + '/robots.txt',
'w',
transport_params = {
'client_kwargs': {
'S3.Client.create_multipart_upload': {
'ServerSideEncryption': 'aws:kms'
}
},
'client': boto3.client('s3')
}
) as json_file:
我找到了transport_params
的正确设置以通过 SSE - 也不需要通过KMSKeyId
来支持默认的aws/kms/s3
密钥
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.