Amazon S3 copyObject权限 [英] Amazon S3 copyObject permission

问题描述

我拥有所有权限的用户.

I'v got user with all permissions.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}

我正在使用aws-sdk-php-2将对象放入并复制到存储桶中.

I'm using aws-sdk-php-2 to put and copy objects in bucket.

http://docs.aws.amazon.com/aws-sdk-php-2/latest/class-Aws.S3.S3Client.html

输入代码完美无缺

                $client->putObject(array(
                'Bucket'     => 'kiosk',
                'Key'        => 'test/orders/test.csv',
                'SourceFile' => $sourcePath,
            ));

检查是否通过 https://console.aws.amazon.com/s3在S3上创建了对象后我正在执行下一个脚本.

After check if object created on S3 via https://console.aws.amazon.com/s3 I'm executing next script.

        $result = $client->copyObject(array(
        'Bucket' => 'kiosk',
        'CopySource' => 'test/orders/test.csv',
        'Key' => 'test/test.csv',
    ));

我收到致命错误:

Fatal error: Uncaught Aws\S3\Exception\S3Exception: AWS Error Code: AllAccessDisabled, Status Code: 403, AWS Request ID: XXX, AWS Error Type: client, AWS Error Message: All access to this object has been disabled, User-Agent: aws-sdk-php2/2.2.1 Guzzle/3.3.1 curl/7.19.7 PHP/5.4.13 thrown in phar:///usr/share/pear/AWSSDKforPHP/aws.phar/src/Aws/Common/Exception/NamespaceExceptionFactory.php on line 89

手动上传文件后console.aws.amazon.com/s3，尝试复制时看到不同的错误:

After upload file manually console.aws.amazon.com/s3 I see different error when trying to copy:

Fatal error: Uncaught Aws\S3\Exception\AccessDeniedException: AWS Error Code: AccessDenied, Status Code: 403, AWS Request ID: XXX, AWS Error Type: client, AWS Error Message: Access Denied, User-Agent: aws-sdk-php2/2.2.1 Guzzle/3.3.1 curl/7.19.7 PHP/5.4.13 thrown in phar:///usr/share/pear/AWSSDKforPHP/aws.phar/src/Aws/Common/Exception/NamespaceExceptionFactory.php on line 89

我还尝试通过console.aws.amazon.com/s3设置文件和文件夹的权限: 受赠者:所有人，打开/下载并查看权限和编辑权限

I also try to set permissions on file and folder via console.aws.amazon.com/s3: Grantee: Everyone, Open/Download and View Permission and Edit Permission

但仍然是相同的错误.

推荐答案

我知道这是一个老问题，但是最近在做旧项目时遇到了同样的问题.

I know this is an old question, but I ran into the same issue recently while doing work on a legacy project.

$this->client->copyObject([
    'Bucket'        => $this->bucket,
    'CopySource'    => $file,
    'Key'           => str_replace($source, $destination, $file),
]);

除copyObject之外，我所有其他S3调用均正常工作，并继续引发 ACCESS DENIED (访问失败)的错误.经过一番挖掘，我终于弄清楚了

All of the my other S3 calls worked except for copyObject continued to throw an ACCESS DENIED error. After some digging, I finally figured out why.

我只是传递了密钥，并假设传递的存储桶是源和目标都将使用的存储桶.事实证明，这是一个错误的假设.源必须带有存储桶名称前缀.

I was passing just the key and making the assumption that the bucket being passed was what both the source and destination would use. Turns out that is an incorrect assumption. The source must have the bucket name prefixed.

这是我的解决方法:

$this->client->copyObject([
    'Bucket'        => $this->bucket,
    // Added the bucket name to the copy source
    'CopySource'    => $this->bucket.'/'.$file,
    'Key'           => str_replace($source, $destination, $file),
]);

之所以说访问被拒绝"，是因为它认为密钥/文件夹的第一部分实际上是存储桶的名称，该存储桶名称不存在或者您实际上无权访问.

It says "Access Denied" because it thinks the first part of your key/folder is actually the name of the bucket which either doesn't exist or you really don't have access to.

希望能帮助一些人！

这篇关于Amazon S3 copyObject权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！