我得到:
An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied
当我尝试从 S3 存储桶获取文件夹时。
使用此命令:
aws s3 cp s3://bucket-name/data/all-data/ . --recursive
存储桶的 IAM 权限如下所示:
{
"Version": "version_id",
"Statement": [
{
"Sid": "some_id",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::bucketname/*"
]
}
] }
我需要更改什么才能成功复制和ls?
最佳答案
您已授予对 S3 存储桶内的对象执行命令的权限,但尚未授予对存储桶本身执行任何操作的权限。
稍微修改您的政策将如下所示:
{
"Version": "version_id",
"Statement": [
{
"Sid": "some_id",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::bucketname",
"arn:aws:s3:::bucketname/*"
]
}
]
}
但是,这可能会提供超出所需的权限。遵循 AWS IAM 最佳实践 Granting Least Privilege看起来像这样:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::bucketname"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::bucketname/*"
]
}
]
}
关于amazon-web-services - 当权限为 s3 时,S3 存储桶的 ListObjects 的 AccessDenied :*,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38774798/