无法从EC2实例使用IAM角色访问S3存储桶 [英] Can't access S3 bucket using IAM Role from an EC2 instance
问题描述
我正在尝试使用PHP SDK(在EC2实例上)从私有S3存储桶下载文件.
I'm trying to download a file from a private S3 bucket using the PHP SDK (on an EC2 instance).
我创建一个IAM角色并将AmazonS3FullAccess
附加到该角色.
I create an IAM role and attached the AmazonS3FullAccess
to it.
我创建了S3存储桶,这是存储桶策略:
I created the S3 bucket and this is the bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::206193043625:role/MyRoleName"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::config-files/*"
}
]
}
然后在PHP端,我向http://169.254.169.254/latest/meta-data/iam/security-credentials/MyRoleName
发出curl请求,返回一个JSON实例化S3Client并尝试下载它,但我收到此错误消息:
Then on the PHP side I make a curl request to http://169.254.169.254/latest/meta-data/iam/security-credentials/MyRoleName
, I get a JSON back instantiate the S3Client and try to download it, but I'm getting this error message:
在" https上执行"GetObject"时出错://files.s3.us-west-2.amazonaws.com/us-west-2__config.php ; AWS HTTP错误:客户端错误:
GET https://files.s3.us-west-2.amazonaws.com/us-west-2__config.php
导致403 Forbidden
响应:
Error executing "GetObject" on "https://files.s3.us-west-2.amazonaws.com/us-west-2__config.php"; AWS HTTP error: Client error:
GET https://files.s3.us-west-2.amazonaws.com/us-west-2__config.php
resulted in a403 Forbidden
response:
AccessDenied
AccessDenied
访问被拒绝C84D80(已截断...)AccessDenied(客户端):访问被拒绝-
Access DeniedC84D80 (truncated...) AccessDenied (client): Access Denied -
AccessDenied
AccessDenied
访问被拒绝
有人可以指出我的方向吗?
Can anyone point me to a direction?
推荐答案
无需直接访问169.254.169.254
.适用于PHP的AWS开发工具包将自动检索凭证.
There is no need to access 169.254.169.254
directly. The AWS SDK for PHP will automatically retrieve credentials.
仅创建S3客户端而无需指定任何凭据.
Simply create the S3 client without specifying any credentials.
这篇关于无法从EC2实例使用IAM角色访问S3存储桶的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!