AWS-服务器端加密访问被拒绝-更改root用户的加密失败 [英] AWS - Server side encryption Access denied- Change encryption failure for root user
问题描述
我对我创建的S3存储桶具有读/写/管理员访问权限.我可以在那里创建对象并按预期将其删除.存储桶中存在其他文件夹,这些文件夹是从另一个AWS账户那里转移到的.我无法从这些文件夹下载任何项目.当我单击文件时,有信息说明服务器端加密访问被拒绝".当我尝试删除此加密时,它失败并显示以下消息:
I have read/write/admin access to an S3 bucket I created. I can create object in there and delete them as expected. Other folders exist on the bucket that were transferred there from another AWS account. I can't download any items from these folders. When I click on the files there is info stating "Server side encryption Access denied". When I attempt to remove this encryption it fails with the message:
Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: 93A26842904FFB2D; S3 Extended Request ID: OGQfxPPcd6OonP/CrCqfCIRQlMmsc8DwmeA4tygTGuEq18RbIx/psLiOfEdZHWbItpsI+M1yksQ=)
我对问题所在感到困惑.我是存储桶的根用户/所有者,虽然可以更改该材料的权限/加密,但是我会拥有该权限吗?
I'm confused as to what the issue is. I am the root user/owner of the bucket and would have though I would be able to change the permissions/encryption of this material?
谢谢
推荐答案
这是一个有趣的问题.当解密文件所需的KMS密钥不可用/不可访问时,我已经看到过这一点.您可以尝试将KMS密钥从旧帐户移动到新帐户,或者使密钥可以从旧帐户访问.
This is a interesting problem. I've seen this before when the KMS key that is required to decrypt the files isn't available/accessible. You can try moving the KMS key from the old account to the new account or making the key accessible from the old account.
