尝试下载文件时从s3获取403禁止 [英] Getting 403 forbidden from s3 when attempting to download a file

问题描述

我在s3上有一个存储桶，并且一个用户拥有对该存储桶的完全访问权限.

I have a bucket on s3, and a user given full access to that bucket.

我可以执行ls命令并查看存储桶中的文件，但是下载失败:

I can perform an ls command and see the files in the bucket, but downloading them fails with:

A client error (403) occurred when calling the HeadObject operation: Forbidden

我也尝试过通过IAM控制台授予完全S3权限的用户进行此操作.同样的问题.

I also attempted this with a user granted full S3 permissions through the IAM console. Same problem.

作为参考，这是我拥有的IAM策略:

For reference, here is the IAM policy I have:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::mybucket",
                "arn:aws:s3:::mybucket/*"
            ]
        }
    ]
}

我还尝试添加一个存储桶策略，甚至将存储桶公开，但仍然无法执行...此外，我尝试从控制台设置存储桶中文件的单独权限，并收到一条错误消息，说我无法查看存储桶，这很奇怪，因为当消息出现时我正在控制台中查看它，并且可以ls存储桶中的任何内容.

I also tried adding a bucket policy, even making the bucket public, and still no go...also, from the console, I tried to set individual permissions on the files in the bucket, and got an error saying I cannot view the bucket, which is strange, since I was viewing it from the console when the message appeared, and can ls anything in the bucket.

编辑，我的存储桶中的文件是使用我帐户的凭据从属于另一个帐户的另一个存储桶中复制到那里的.可能相关，也可能不相关...

EDIT the files in my bucket were copied there from another bucket belonging to a different account, using credentials from my account. May or may not be relevant...

第二次编辑只是尝试将我自己的文件与其他存储桶中的存储桶进行上传，下载和复制，并且工作正常.问题特别是来自另一个帐户存储桶中的文件.

2nd EDIT just tried to upload, download and copy my own files to and from this bucket from other buckets, and it works fine. The issue is specifically with the files placed there from another account's bucket.

谢谢！

推荐答案

我认为您需要确保在使用"bucket-owner-full-control" acl在存储桶之间移动/复制对象时，将权限应用于对象

I think you need to make sure that the permissions are applied to objects when moving/copying them between buckets with the "bucket-owner-full-control" acl.

以下是有关在移动或复制文件以及追溯时如何执行此操作的详细信息: https://aws.amazon.com/premiumsupport/knowledge- center/s3-bucket-owner-access/

Here are the details about how to do this when moving or copying files as well as retroactively: https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-owner-access/

此外，您还可以在此处阅读有关各种预定义拨款的信息: http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl

Also, you can read about the various predefined grants here: http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl

这篇关于尝试下载文件时从s3获取403禁止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！