“访问被拒绝"； -用户对S3存储桶的权限 [英] "Access Denied" - User's Permissions to S3 Bucket

问题描述

我发送了一封自动发送的订单电子邮件，现在正尝试提供一个链接来下载PDF收据.

I send out an automated email for orders, and am now trying to have a link to download the a PDF receipt.

尝试下载时说该XML文件似乎没有任何与样式相关的信息.文档树如下所示."，用户在浏览器中遇到错误.

我已经进入存储桶并在收据存储桶上运行公开"，仍然没有运气.文件结构为:

I've gone into the bucket and run "Make Public" on the receipt bucket, still no luck. File structure is:

应用名称/上传/订单/收据

我该怎么做才能允许用户权限下载其收据?

What do I need to do to allow permissions for User's to be able to download their receipts?

推荐答案

对于s3上的特定文件也存在类似的问题.通过使用mv命令和--acl参数更改文件的访问权限来解决此问题.尝试访问名为data.jsonlines的文件时出现了ACCESS DENIED错误.通过运行以下命令来解决该问题:

Had a similar issue with a particular file on s3. Solved the issue by changing the access permissions of the file using the mv command and the --acl argument. Trying to access a file called data.jsonlines gave the ACCESS DENIED error. Solved it by running the following commands:

aws s3 cp s3://<s3 bucket name>/path/to/file/data.jsonlines  s3://cfa-opengazettes-ke/gazettes/data_copy.jsonlines 

aws s3 mv --acl public-read s3://<s3 bucket name>/path/to/file/data_copy.jsonlines s3://cfa-opengazettes-ke/gazettes/data.jsonlines

或者您可以通过运行组合:

aws s3 cp s3://<s3 bucket name>/path/to/file/data_out.jsonlines  s3://cfa-opengazettes-ke/gazettes/data_out2.jsonlines && aws s3 mv --acl public-read s3://cfa-opengazettes-ke/gazettes/data_out2.jsonlines s3://<s3 bucket name>/path/to/file/data_out.jsonlines

这些命令执行以下步骤:

These commands carry out the steps below:

• 副本:s3://<s3 bucket name>/path/to/file/data.jsonlines至 s3://c<s3 bucket name>/path/to/file/data_copy.jsonlines

移动:s3://<s3 bucket name>/path/to/file/data_copy.jsonlines至 s3://cfa-opengazettes-ke/path/to/file/data.jsonlines

基本上，它会创建文件的副本，然后在移动过程中将其删除，同时更改文件的权限.

Basically, it creates a copy of the file and then deletes it during the move while changing the permissions of the file.

请注意--acl选项和参数public-read.从文档:

Note the --acl option and the argument public-read. From the documentation:

-acl(字符串)设置执行命令时对象的ACL.如果使用此参数，则必须具有 您的操作列表中包含"s3:PutObjectAcl"权限 IAM政策.仅接受私有，公开阅读， 公共读写，已认证读取， aws-exec-read ， bucket-owner-read ， bucket-owner-full-control 和 log-delivery-write .

--acl (string) Sets the ACL for the object when the command is performed. If you use this parameter you must have the "s3:PutObjectAcl" permission included in the list of actions for your IAM policy. Only accepts values of private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control and log-delivery-write.

此 AWS页面

这篇关于“访问被拒绝"； -用户对S3存储桶的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！