AWS S3 Server side encryption Access denied error


Problem description

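  • I have two AWS accounts, A and B, and I am syncing an S3 bucket from account A (SourceS3Bucket) to account B (DestinationS3Bucket).
  • Below is the bucket policy applied to the destination bucket, which allows the Source AWS account to sync content to DestinationS3Bucket.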
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PermissionsToAAccount",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::XXXXXXX:root"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::DestinationS3Bucket",
                "arn:aws:s3:::DestinationS3Bucket/*"
            ]
        }
    ]
}

  • The sync has been working perfectly for a long time and it is still working, but for the last few days the files in DestinationS3Bucket are not accessible, with the Server side encryption Access denied error.
  • I have verified there is no encryption (Default encryption: none) on SourceS3Bucket and DestinationS3Bucket, and I am using the Source AWS account secret and access key to sync the content. Thanks in advance.
Recommended answer

When you copy files from one S3 bucket in account A using credentials of account A to a bucket in account B, the owner of the files in the destination bucket will be account A. (Account A is the principal that created the files in account B's bucket).

During the file copy from source to destination bucket, add the --acl bucket-owner-full-control option so that account B can control the files. Otherwise you might have files in account B's bucket that account B cannot access or control.

Another option is to use the credentials of account B to copy from the source to the destination bucket. This way the owner of the copied files is account B.
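
An added example, not part of the original answer: a Python check that takes object ACLs shaped like boto3 `get_object_acl()` responses and lists the objects on which the bucket owner (account B) lacks full control, the situation the answer describes. The canonical user IDs, object keys and function names are constructed for illustration.

```python
# Find objects in account B's bucket that account B cannot control.
# Input mimics boto3 get_object_acl() responses, e.g. collected with
# account A's credentials. All IDs and keys are constructed samples.

BUCKET_OWNER_ID = "bbbb2222"  # constructed canonical user ID, account B
UPLOADER_ID = "aaaa1111"      # constructed canonical user ID, account A


def owner_has_full_control(acl, bucket_owner_id):
    """True if the bucket owner owns the object or holds FULL_CONTROL."""
    if acl.get("Owner", {}).get("ID") == bucket_owner_id:
        return True
    for grant in acl.get("Grants", []):
        who = grant.get("Grantee", {})
        if (who.get("Type"), who.get("ID"), grant.get("Permission")) == (
                "CanonicalUser", bucket_owner_id, "FULL_CONTROL"):
            return True
    return False


def uncontrolled_keys(acls_by_key, bucket_owner_id):
    """Sorted keys on which the bucket owner lacks full control."""
    return sorted(key for key, acl in acls_by_key.items()
                  if not owner_has_full_control(acl, bucket_owner_id))


def _grant(user_id, permission):
    return {"Grantee": {"Type": "CanonicalUser", "ID": user_id},
            "Permission": permission}


SAMPLE_ACLS = {
    # Synced by account A without --acl: only A appears in the ACL.
    "plain.csv": {"Owner": {"ID": UPLOADER_ID},
                  "Grants": [_grant(UPLOADER_ID, "FULL_CONTROL")]},
    # Synced with --acl bucket-owner-full-control: A owns, B has control.
    "shared.csv": {"Owner": {"ID": UPLOADER_ID},
                   "Grants": [_grant(UPLOADER_ID, "FULL_CONTROL"),
                              _grant(BUCKET_OWNER_ID, "FULL_CONTROL")]},
    # Copied with account B's credentials: B is the owner.
    "own.csv": {"Owner": {"ID": BUCKET_OWNER_ID},
                "Grants": [_grant(BUCKET_OWNER_ID, "FULL_CONTROL")]},
    # B holds READ only, which is not full control.
    "readonly.csv": {"Owner": {"ID": UPLOADER_ID},
                     "Grants": [_grant(BUCKET_OWNER_ID, "READ")]},
}

if __name__ == "__main__":
    print(uncontrolled_keys(SAMPLE_ACLS, BUCKET_OWNER_ID))
```

Objects flagged this way are the ones to re-copy with `--acl bucket-owner-full-control` or with account B's credentials.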
