[英]Boto3 uploading to s3 bucket
我想將一個由 lambda 創建的字符串添加到我的 s3 存儲桶上的現有文本文件中。
當我使用:
s3.Object('My_bucket', 'textfile.txt').put(Body=missingtagginginfo)
missingtagginginfo = 我創建的變量 textfile.txt = 存在於 s3 存儲桶中的文本文件
我收到以下錯誤:
"errorMessage": "An error occurred (AccessDenied) when calling the PutObject operation: Access Denied",
"errorType": "ClientError",
我已經給了 lambda s3fullAccess。
有誰知道我該如何解決這個問題?
問候
您的策略必須包含s3:PutObject
才能上傳對象。
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::your-bucket/",
"arn:aws:s3:::your-bucket/*"
]
}
請不要添加通配符權限 ( s3:*
) 或通配符資源 ( "Resource": [ "*" ]
),因為它們會給錯誤和漏洞帶來巨大的潛力。 AWS 策略生成器可以幫助您解決這個問題。
IAM 政策如下所示:
"Resource": "arn:aws:s3:::MYBUCKET/*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucketMultipartUploads",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Resource": [
"arn:aws:s3:::MYBUCKET/",
"arn:aws:s3:::MYBUCKET/*"
]
},
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "*"
}
寫入您的存儲桶策略
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "Allow-OAI-Access-To-Bucket",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::Your-Bucket-Name/*"
}
]
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.