我正在尝试使用 s3 存储桶策略的附加权限更新我的 AWS SAM 模板。我需要添加以下内容:“s3:ListBucket”、“s3:PutObject”和“s3:DeleteObject” 但是,当我部署更新的模板时,我收到无效的策略消息:
来自 github 操作的错误消息: 策略包含无效资源(服务:Amazon S3;状态代码:400;错误代码:MalformedPolicy;
BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref MyWebsite
PolicyDocument:
Id: MyPolicy
Version: 2012-10-17
Statement:
Sid: PublicRead
Effect: Allow
Principal: "*"
Action:
- 's3:ListBucket'
- 's3:GetObject'
- 's3:PutObject'
- 's3:DeleteObject'
Resource:
- "arn:aws:s3:::my-resume-wesite123456/*"
- "arn:aws:s3:::my-resume-wesite123456/"
我以为资源名称可能有拼写错误,但使用下面的代码成功创建了存储桶。
Resources:
MyWebsite:
Type: AWS::S3::Bucket
Properties:
AccessControl: PublicRead
WebsiteConfiguration:
IndexDocument: index.html
BucketName: my-resume-wesite123456
非常感谢任何建议。
最佳答案
您可以直接引用存储桶,让您的生活变得更加轻松:
BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref MyWebsite
PolicyDocument:
Id: MyPolicy
Version: 2012-10-17
Statement:
Sid: PublicRead
Effect: Allow
Principal: "*"
Action:
- 's3:ListBucket'
- 's3:GetObject'
- 's3:PutObject'
- 's3:DeleteObject'
Resource:
- !Sub ${MyWebsite.Arn}/*
- !Sub ${MyWebsite.Arn}
关于amazon-web-services - AWS 存储桶策略创建失败 - 策略具有无效资源,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/73543372/