“访问被拒绝"; -用户对S3存储桶的权限 [英] "Access Denied" - User's Permissions to S3 Bucket
问题描述
我发送了一封自动发送的订单电子邮件,现在正尝试提供一个链接来下载PDF收据.
I send out an automated email for orders, and am now trying to have a link to download the a PDF receipt.
尝试下载时说该XML文件似乎没有任何与样式相关的信息.文档树如下所示.",用户在浏览器中遇到错误.
我已经进入存储桶并在收据存储桶上运行公开",仍然没有运气.文件结构为:
I've gone into the bucket and run "Make Public" on the receipt bucket, still no luck. File structure is:
应用名称/上传/订单/收据
我该怎么做才能允许用户权限下载其收据?
What do I need to do to allow permissions for User's to be able to download their receipts?
推荐答案
对于s3上的特定文件也存在类似的问题.通过使用mv命令和--acl
参数更改文件的访问权限来解决此问题.尝试访问名为data.jsonlines
的文件时出现了ACCESS DENIED
错误.通过运行以下命令来解决该问题:
Had a similar issue with a particular file on s3. Solved the issue by changing the access permissions of the file using the mv command and the --acl
argument. Trying to access a file called data.jsonlines
gave the ACCESS DENIED
error. Solved it by running the following commands:
aws s3 cp s3://<s3 bucket name>/path/to/file/data.jsonlines s3://cfa-opengazettes-ke/gazettes/data_copy.jsonlines
aws s3 mv --acl public-read s3://<s3 bucket name>/path/to/file/data_copy.jsonlines s3://cfa-opengazettes-ke/gazettes/data.jsonlines
或者您可以通过运行组合:
aws s3 cp s3://<s3 bucket name>/path/to/file/data_out.jsonlines s3://cfa-opengazettes-ke/gazettes/data_out2.jsonlines && aws s3 mv --acl public-read s3://cfa-opengazettes-ke/gazettes/data_out2.jsonlines s3://<s3 bucket name>/path/to/file/data_out.jsonlines
这些命令执行以下步骤:
These commands carry out the steps below:
-
副本:
s3://<s3 bucket name>/path/to/file/data.jsonlines
至s3://c<s3 bucket name>/path/to/file/data_copy.jsonlines
移动:s3://<s3 bucket name>/path/to/file/data_copy.jsonlines
至
s3://cfa-opengazettes-ke/path/to/file/data.jsonlines
基本上,它会创建文件的副本,然后在移动过程中将其删除,同时更改文件的权限.
Basically, it creates a copy of the file and then deletes it during the move while changing the permissions of the file.
请注意--acl
选项和参数public-read
.从文档:
Note the --acl
option and the argument public-read
. From the documentation:
-acl(字符串)设置执行命令时对象的ACL.如果使用此参数,则必须具有 您的操作列表中包含"s3:PutObjectAcl"权限 IAM政策.仅接受私有,公开阅读, 公共读写,已认证读取, aws-exec-read , bucket-owner-read , bucket-owner-full-control 和 log-delivery-write .
--acl (string) Sets the ACL for the object when the command is performed. If you use this parameter you must have the "s3:PutObjectAcl" permission included in the list of actions for your IAM policy. Only accepts values of private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control and log-delivery-write.
此 AWS页面
这篇关于“访问被拒绝"; -用户对S3存储桶的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!