Ruby S3“访问被拒绝" ACL调用upload_file时发生错误 [英] Ruby S3 "Access Denied" error when calling upload_file with ACL
问题描述
我正在尝试编写一个Ruby脚本,该脚本将文件上传到AWS并使文件公开可用.我已完成以下操作:
I'm trying to write a Ruby script that uploads a file to AWS and makes the file publicly available. I've done the following:
s3 = Aws::S3::Resource.new(
credentials: Aws::Credentials.new(KEY, SECRET),
region:'us-west-2'
)
obj = s3.bucket('stg-db').object('key')
obj.upload_file(filename)
这似乎很好用,除了该文件不是公开可用的,而且我无法获得它的公共URL.但是当我登录到S3时,我可以看到我的文件很好.
This seems to work fine, except that the file isn't publicly available, and I can't get a public URL for it. But when I log into S3, I can see my file just fine.
为使其公开可用,我将最后一行更改为
To make it publicly available, I changed the last line to
obj.upload_file(filename, acl: 'public-read')
但是当我这样做时,我遇到了访问被拒绝的错误.我的S3存储桶中是否缺少一些权限设置,导致了问题,或者我是否以某种方式错误地调用了此权限?
But I'm getting an access denied error when I do this. Is there some permission setting I am missing on my S3 bucket that is causing problems, or am I calling this incorrectly somehow?
推荐答案
花了比我想承认的更多的时间玩弄S3存储桶策略之后,我弄清楚了如何使其发挥作用.
After spending more time than I would like to admit playing around with S3 bucket policies, I figured out how to make it work.
我强烈推荐以下三种AWS资源:
I highly recommend these three AWS resources:
- Example Bucket Policies
- Policy Generator
- IAM Policy Elements Reference
我创建了一个策略,该策略允许特定用户对我的存储桶具有对象上载",对象ACL"和对象删除"权限.这是JSON:
I created a policy that allows a particular user to have Object Upload, Object ACL, and Object Delete permissions for my bucket. Here's the JSON:
{
"Version": "2012-10-17",
"Id": "Policy1441134540846",
"Statement": [
{
"Sid": "Stmt1441134537688",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::MY_USER_ID:user/myemail@example.com"
},
"Action": [
"s3:DeleteObject",
"s3:PutObjectAcl",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::MY_BUCKET/*"
}
]
}
一些提示:
- 以上项目符号3中的参考有助于理解JSON的主体"部分.只需在IAM中创建一个用户,然后填写适当的信息即可.
- 资源部分可能有点挑剔.根据您授予的权限,您需要考虑是否应指定存储桶中的对象(因此,应在MY_BUCKET之后指定"/*")还是存储桶本身.如果您在尝试保存存储桶时开始出错(类似于操作不适用于语句中的任何资源..."之类的内容,则可能是您指定了错误的资源.
- 您可能要尝试的最后一件事就是向所有人开放您的权限(将Principal指定为"*"),直到可以使用该功能为止.然后,在处理问题时通过更改Principal来减少访问列表.
这篇关于Ruby S3“访问被拒绝" ACL调用upload_file时发生错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!