嗨,我按照这个回答的指示,得到了同样的错误。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1614469992506",
"Principal": "*",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::<S3_Name>/*"
}
]
}
我得到了错误:Action does not apply to any resource(s) in statement
我检查了文档,但找不到任何解决方案。
最佳答案
ListBucket 应该在存储桶资源本身上,而其他对象操作应该在存储桶内的对象上。所以,我们需要 /*
对于桶的所有对象。
IAM 政策 :
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::<S3_Name>/*"
},
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::<S3_Name>"
}
]
}
存储桶策略:与 IAM 策略相同,但附加了 Principal。
"Principal":"*"
或 "Principal":{"AWS":"*"}
将给予公众访问和"Principal":{"AWS":"arn:aws:iam::AccountNumber-WithoutHyphens:root"}
将授予对整个 Aws 帐户的访问权限。一些细节here和 here
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:root"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::<S3_Name>/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:root"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::<S3_Name>"
}
]
}
关于amazon-web-services - AWS S3 操作不适用于声明中的任何资源,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66404647/