[英]AWS S3 ListMultipartUploads : access denied
我已經關注此博客 ,以便使用Web Identity Federation設置我的AWS IAM和S3帳戶。 我能夠驗證和接收會話憑證和令牌都很好。 我也可以下載和上傳對象。 但是,我得到了:
拒絕訪問
在以下ListMultipartUploads請求中:
var request = new ListMultipartUploadsRequest()
{
BucketName = bucketName,
Prefix = $"{UserId}/"
};
var response = await s3Client.ListMultipartUploadsAsync(request);
附加到我的IAM角色的訪問策略是:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::mybucket/${myidentityprovider:userId}/*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::mybucket"
],
"Condition": {
"StringLike": {
"s3:prefix": "${myidentityprovider:userId}/"
}
}
}
]
}
如您所見,我擁有“s3:ListBucketMultipartUploads”權限,因此用戶應該能夠在其存儲桶上執行ListMultiPartUploads。 我究竟做錯了什么?
我在你的前綴語句中看到一個錯誤,
它需要是一個數組,
“s3:prefix”:[“$ {myidentityprovider:userId} / *”]
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::mybucket/${myidentityprovider:userId}/*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::mybucket"
],
"Condition": {
"StringLike": {
"s3:prefix": ["${myidentityprovider:userId}/*"]
}
}
}
]}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.