AWS S3访问被拒绝错误 [英] AWS S3 Access Denied Error
问题描述
当我尝试打开S3存储桶中托管的文件时,出现访问拒绝错误.
I am getting access denied error when I try to open a file I have hosted on my S3 bucket.
当我的Django应用尝试获取相同的文件时,我的控制台上出现403 Forbidden Error.
When my Django app tries to get the same file I get 403 Forbidden Error on my console.
我已经公开了所有文件,但还是没有运气.
I have made all the files public but still no luck.
我打开文件链接时得到了这个信息.
I am getting this when I open a link to a file.
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>D4FCD94BD9DEE9F8</RequestId>
<HostId>
J9RtjMA4wk8kL4f+Ye/6XAQaXrfi9lz5HZ1tWRut8E5Qf/b8RAQbAF/fp3j2bep8Jfd+dtim/fs=
</HostId>
</Error>
我的CORS配置是这个
My CORS Configuration is this
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
我应该怎么做才能使我的静态文件得到正确提供?
What should I do so that my static files get served properly ?
这是我的存储桶策略
{
"Statement": [
{
"Sid": "PublicReadForGetBucketObjects",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::****storage/*"
]
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::****storage",
"arn:aws:s3:::****storage/*"
],
"Principal": {
"AWS": [
"arn:aws:iam::0084507*****:user/****"
]
}
}
]
}
settings.py中的AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY是我为在AWS IAM管理中创建的用户所获得的.
The AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY in my settings.py are the ones I got for the user I created in AWS IAM management.
推荐答案
确实没有很好的文档说明,但是您需要两个访问语句.
It is really not documented well, but you need two access statements.
除了允许您实际要做的事情的语句(GetObject为"arn:aws:s3 ::: **** storage/*")之外,您还需要一个允许ListBucket应用于存储桶本身的语句, "arn:aws:s3 ::: ****存储".在内部,Aws客户端会在执行操作之前尝试列出存储桶,以确定它是否存在.
In addition to the statement allowing the things you actually want done (GetObject to "arn:aws:s3:::****storage/*"), you also need a statement that allows ListBucket to the bucket itself, "arn:aws:s3:::****storage". Internally, the Aws client will try to list the bucket to determine it exists before doing its action.
文档是不好的,所以似乎只是增加了越来越多的权限,直到出现一些令人发指的事情,才是常见的错误.
The docs are bad, so it seems to be a common flailing to just add more and more permissions until something bleeping works.
第二条语句应如下所示:
With the second statement, it should look like:
{
"Statement": [
{
"Sid": "PublicReadForGetBucketObjects",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::storage/*"
]
},
{
"Sid": "somethingElse",
"Action": "s3:ListBucket",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::storage",
],
"Principal": {
"AWS": [
"arn:aws:iam::0084507*****:user/****"
]
}
}
]
}
注意:如果您使用的是IAM,则可以跳过主体"部分.
Note: If you're using IAM, you can skip the "Principal" part.
这篇关于AWS S3访问被拒绝错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!