AWS S3存储桶权限-拒绝访问 [英] AWS S3 Bucket Permissions - Access Denied

问题描述

我正在尝试授予自己下载S3存储桶中现有文件的权限.我已经修改了存储桶策略，如下所示:

I am trying to give myself permission to download existing files in an S3 bucket. I've modified the Bucket Policy, as follows:

        {
        "Sid": "someSID",
        "Action": "s3:*",
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::bucketname/AWSLogs/123123123123/*",
        "Principal": {
            "AWS": [
                "arn:aws:iam::123123123123:user/myuid"
            ]
        }
    }

我的理解是，除了该策略外，我还应该为我的帐户"myuid"赋予"bucketname"的完整权限，包括该存储桶中已经存在的所有文件.但是，当我尝试通过控制台中的链接下载任何这些文件时，仍然出现访问被拒绝"错误.

My understanding is that addition to the policy should give me full rights to "bucketname" for my account "myuid", including all files that are already in that bucket. However, I'm still getting Access Denied errors when I try to download any of those files via the link that comes up in the console.

有什么想法吗?

推荐答案

David ，您说得对，但我发现，除了下面 bennie 所说的以外，您还必须授予经过身份验证的用户.

David, You are right but I found that, in addition to what bennie said below, you also have to grant view (or whatever access you want) to 'Authenticated Users'.

但是更好的解决方案可能是编辑用户的策略以仅授予对存储桶的访问权限:

But a better solution might be to edit the user's policy to just grant access to the bucket:

{
   "Statement": [
    {
      "Sid": "Stmt1350703615347",
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::mybucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": ["arn:aws:s3:::mybucket"],
      "Condition": {}
    }
  ]
}

第一个块将所有S3权限授予存储桶中的所有元素.第二个块向存储桶本身授予列表权限.

The first block grants all S3 permissions to all elements within the bucket. The second block grants list permission on the bucket itself.

这篇关于AWS S3存储桶权限-拒绝访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！