Ruby S3 "Access Denied" error when calling upload_file with ACL

Problem description

I'm trying to write a Ruby script that uploads a file to AWS and makes the file publicly available. I've done the following:

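require 'aws-sdk-s3' # 'aws-sdk' on SDK v2

# KEY, SECRET and filename are defined elsewhere in the script
s3 = Aws::S3::Resource.new(
    credentials: Aws::Credentials.new(KEY, SECRET),
    region: 'us-west-2'
)
obj = s3.bucket('stg-db').object('key')
obj.upload_file(filename)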

This seems to work fine, except that the file isn't publicly available, and I can't get a public URL for it. But when I log into S3, I can see my file just fine.

To make it publicly available, I changed the last line to

obj.upload_file(filename, acl: 'public-read')

But I'm getting an access denied error when I do this. Is there some permission setting I am missing on my S3 bucket that is causing problems, or am I calling this incorrectly somehow?

Recommended answer

After spending more time than I would like to admit playing around with S3 bucket policies, I figured out how to make it work.

I highly recommend these three AWS resources:

  1. Example Bucket Policies
  2. Policy Generator
  3. IAM Policy Elements Reference

I created a policy that allows a particular user to have Object Upload, Object ACL, and Object Delete permissions for my bucket. Here's the JSON:

{
"Version": "2012-10-17",
"Id": "Policy1441134540846",
"Statement": [
    {
        "Sid": "Stmt1441134537688",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::MY_USER_ID:user/myemail@example.com"
        },
        "Action": [
            "s3:DeleteObject",
            "s3:PutObjectAcl",
            "s3:PutObject"
        ],
        "Resource": "arn:aws:s3:::MY_BUCKET/*"
    }
]
}

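A few tips:

  • The reference in item 3 above helps in understanding the "Principal" part of the JSON. Just create a user in IAM and fill in the appropriate information.
  • The Resource part can be a bit finicky. Depending on the permissions you are granting, you need to think about whether you should be specifying objects in the bucket (and therefore should specify "/*" after MY_BUCKET) or the bucket itself. If you start getting errors when trying to save the bucket (something like "Action does not apply to any resources in statement..."), you have probably specified the wrong resource.
  • One last thing you might want to try is opening up your permissions to everyone (specifying the Principal as "*") until you can get it working. Then narrow the access list by changing the Principal as you work through the problem.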
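
Added example (not part of the original answer): a small Ruby linter for a bucket policy document that flags the two mistakes the tips describe and the missing permission behind the question's error. The action lists, the `Stmt1` Sid and the `uploader` user name are assumptions made for the example, and the three sample policies are constructed.

```ruby
require 'json'

# Subset of S3 actions (assumed for this example), split by the resource type they apply to.
OBJECT_ACTIONS = %w[s3:GetObject s3:PutObject s3:PutObjectAcl s3:DeleteObject].freeze
BUCKET_ACTIONS = %w[s3:ListBucket s3:GetBucketLocation].freeze

# Returns [sid, issue] pairs for each Allow statement with a problem.
# Matches exact action names only; wildcards such as "s3:*" are not expanded.
def lint_bucket_policy(policy_json)
  findings = []
  [JSON.parse(policy_json)['Statement']].flatten.compact.each do |stmt|
    next unless stmt['Effect'] == 'Allow'
    sid        = stmt['Sid'] || '(no Sid)'
    actions    = Array(stmt['Action'])
    resources  = Array(stmt['Resource'])
    principal  = stmt['Principal']
    principals = principal.is_a?(Hash) ? principal.values.flatten : [principal]

    # Third tip: a policy left with Principal "*" matches every caller.
    findings << [sid, :wildcard_principal] if principals.include?('*')

    # Second tip: object actions need "bucket/..." ARNs, bucket actions the bucket ARN.
    object_res, bucket_res = resources.partition { |r| r.sub('arn:aws:s3:::', '').include?('/') }
    findings << [sid, :object_action_on_bucket_arn] if (actions & OBJECT_ACTIONS).any? && object_res.empty?
    findings << [sid, :bucket_action_on_object_arn] if (actions & BUCKET_ACTIONS).any? && bucket_res.empty?

    # The question's error: upload_file(..., acl: 'public-read') also needs
    # s3:PutObjectAcl, so this statement alone would not allow the ACL upload.
    if actions.include?('s3:PutObject') && !actions.include?('s3:PutObjectAcl')
      findings << [sid, :acl_upload_denied]
    end
  end
  findings
end

# Constructed sample input: the answer's statement, then two broken variants.
def sample_policy(principal:, actions:, resource:)
  JSON.generate('Version' => '2012-10-17', 'Statement' => [{
    'Sid' => 'Stmt1', 'Effect' => 'Allow', 'Principal' => principal,
    'Action' => actions, 'Resource' => resource
  }])
end

USER = { 'AWS' => 'arn:aws:iam::MY_USER_ID:user/uploader' }.freeze # placeholder principal
ANSWER_POLICY  = sample_policy(principal: USER, resource: 'arn:aws:s3:::MY_BUCKET/*',
                               actions: %w[s3:DeleteObject s3:PutObjectAcl s3:PutObject])
WRONG_RESOURCE = sample_policy(principal: USER, resource: 'arn:aws:s3:::MY_BUCKET',
                               actions: %w[s3:PutObject s3:PutObjectAcl])
WIDE_OPEN      = sample_policy(principal: '*', resource: 'arn:aws:s3:::MY_BUCKET/*',
                               actions: %w[s3:PutObject])
[ANSWER_POLICY, WRONG_RESOURCE, WIDE_OPEN].each { |doc| p lint_bucket_policy(doc) } if __FILE__ == $PROGRAM_NAME
```

On buckets with Block Public Access enabled or with ACLs disabled (Object Ownership set to bucket owner enforced), a `public-read` upload is rejected regardless of what this policy allows.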
