无法从EC2实例使用IAM角色访问S3存储桶 [英] Can't access S3 bucket using IAM Role from an EC2 instance
问题描述
我正在尝试使用PHP SDK(在EC2实例上)从私有S3存储桶下载文件.
I'm trying to download a file from a private S3 bucket using the PHP SDK (on an EC2 instance).
我创建一个IAM角色并将AmazonS3FullAccess附加到该角色.
I create an IAM role and attached the AmazonS3FullAccess to it.
我创建了S3存储桶,这是存储桶策略:
I created the S3 bucket and this is the bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::206193043625:role/MyRoleName"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::config-files/*"
}
]
}
然后在PHP端,我向http://169.254.169.254/latest/meta-data/iam/security-credentials/MyRoleName发出curl请求,返回一个JSON实例化S3Client并尝试下载它,但我收到此错误消息:
Then on the PHP side I make a curl request to http://169.254.169.254/latest/meta-data/iam/security-credentials/MyRoleName, I get a JSON back instantiate the S3Client and try to download it, but I'm getting this error message:
在" https上执行"GetObject"时出错://files.s3.us-west-2.amazonaws.com/us-west-2__config.php ; AWS HTTP错误:客户端错误:
GET https://files.s3.us-west-2.amazonaws.com/us-west-2__config.php导致403 Forbidden响应:
Error executing "GetObject" on "https://files.s3.us-west-2.amazonaws.com/us-west-2__config.php"; AWS HTTP error: Client error:
GET https://files.s3.us-west-2.amazonaws.com/us-west-2__config.phpresulted in a403 Forbiddenresponse:
AccessDenied
AccessDenied
访问被拒绝C84D80(已截断...)AccessDenied(客户端):访问被拒绝-
Access DeniedC84D80 (truncated...) AccessDenied (client): Access Denied -
AccessDenied
AccessDenied
访问被拒绝
有人可以指出我的方向吗?
Can anyone point me to a direction?
推荐答案
无需直接访问169.254.169.254.适用于PHP的AWS开发工具包将自动检索凭证.
There is no need to access 169.254.169.254 directly. The AWS SDK for PHP will automatically retrieve credentials.
仅创建S3客户端而无需指定任何凭据.
Simply create the S3 client without specifying any credentials.
这篇关于无法从EC2实例使用IAM角色访问S3存储桶的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
