[英]AWS Java SDK Error - withPermissionsBoundary for IAM user
使用適用於JAVA的AWS開發工具包,我想限制對單個Bucket文件夾的訪問。 當我嘗試運行此代碼以將權限分配給新的IAM用戶時:
final AmazonIdentityManagement client = AmazonIdentityManagementClientBuilder
.standard()
.withCredentials(new AWSStaticCredentialsProvider(credentials))
.withRegion(Regions.US_EAST_2)
.build();
try {
String permissionsBoundary =
"{" +
"\"Version\": \"2012-10-17\"," +
" \"Statement\": [" +
" {" +
" \"Effect\": \"Allow\"," +
" \"Action\": "+
" [" +
" \"s3:PutObject\"," +
" \"s3:GetObject\"," +
" \"s3:DeleteObject\"" +
" ]," +
" \"Resource\": \"arn:aws:s3:::mybucket/*\"" +
" }" +
" ]" +
"}";
CreateUserRequest request = new CreateUserRequest()
.withUserName(usernameIAM)
.withPermissionsBoundary(permissionsBoundary);
CreateUserResult response = client.createUser(request);
我收到此錯誤:
ARN {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:ListAllMyBuckets","Resource":"arn:aws:s3:::*"}]} is not valid. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: InvalidInput; Request ID: ...xxxxxxxxxxxx...)[Ljava.lang.StackTraceElement;@2f3a60a1
我遵循了這個Amazon IAM政策
withPermissionsBoundary
方法的正確用法是什么?如何正確定義規則?
錯誤消息顯示以下內容:
ARN
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
}
]
}
is not valid.
這顯然不是有效的ARN,因為它根本不是ARN,它是一項策略。 您的代碼在哪里使用? 無論在何處使用,都需要用正確的ARN替換它。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.