IAM用户策略在Amazon S3存储桶上返回403禁止 [英] IAM user policy returning 403 Forbidden on Amazon S3 bucket
问题描述
我正在努力使AWS S3 IAM用户策略生效,这是我当前的IAM用户策略:
I am struggling to get a AWS S3 IAM user policy to work, this is my current IAM user's policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1424859689000",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::vault-us/*"
]
}
]
}
当我在S3存储桶中发布帖子以创建新对象时,出现403禁止错误,但是当我使用名为"AmazonS3FullAccess"的托管策略时,一切正常.
When I do a post to create a new object in my S3 bucket I get a 403 Forbidden error but when I use the Managed Policy called 'AmazonS3FullAccess' then everything works just fine.
我想做的是限制某些IAM用户上载/下载权限,但正在努力使其正常工作.
What I am trying to do is restrict certain IAM users to upload/downloads rights but am struggling to get this working.
任何建议将不胜感激!
推荐答案
我设法弄清楚,为了使上传正常工作,我需要添加操作"s3:PutObjectAcl",以下是我的IAM策略示例:
I managed to figure out that in order for upload to work I needed to include the action "s3:PutObjectAcl" here is the example of my IAM policy below:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::vault-us"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::vault-us/*"
]
}
]
}
这篇关于IAM用户策略在Amazon S3存储桶上返回403禁止的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
