amazon-web-services - AWS 存储桶策略创建失败 - 策略具有无效资源

Question

我正在尝试使用 s3 存储桶策略的附加权限更新我的 AWS SAM 模板。我需要添加以下内容:“s3:ListBucket”、“s3:PutObject”和“s3:DeleteObject” 但是，当我部署更新的模板时，我收到无效的策略消息:

来自 github 操作的错误消息: 策略包含无效资源(服务:Amazon S3；状态代码:400；错误代码:MalformedPolicy；

 BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyWebsite
      PolicyDocument:
        Id: MyPolicy
        Version: 2012-10-17
        Statement:
          Sid: PublicRead
          Effect: Allow
          Principal: "*"
          Action: 
            - 's3:ListBucket'
            - 's3:GetObject'
            - 's3:PutObject'
            - 's3:DeleteObject'
          Resource:
            - "arn:aws:s3:::my-resume-wesite123456/*"
            - "arn:aws:s3:::my-resume-wesite123456/"

我以为资源名称可能有拼写错误，但使用下面的代码成功创建了存储桶。

Resources:
  MyWebsite:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
      WebsiteConfiguration:
        IndexDocument: index.html
      BucketName: my-resume-wesite123456

非常感谢任何建议。

Answer 1

您可以直接引用存储桶，让您的生活变得更加轻松:

 BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyWebsite
      PolicyDocument:
        Id: MyPolicy
        Version: 2012-10-17
        Statement:
          Sid: PublicRead
          Effect: Allow
          Principal: "*"
          Action: 
            - 's3:ListBucket'
            - 's3:GetObject'
            - 's3:PutObject'
            - 's3:DeleteObject'
          Resource:
            - !Sub ${MyWebsite.Arn}/*
            - !Sub ${MyWebsite.Arn}