“拒绝访问"- 用户对 S3 存储桶的权限 [英] "Access Denied" - User's Permissions to S3 Bucket
问题描述
我发送了一封自动发送的订单电子邮件,现在正在尝试提供下载 PDF 收据的链接.
I send out an automated email for orders, and am now trying to have a link to download the a PDF receipt.
用户在尝试下载时在浏览器中收到错误消息,提示此 XML 文件似乎没有与之关联的任何样式信息.文档树如下所示."
User's are getting an error in the browser when trying to download saying "This XML file does not appear to have any style information associated with it. The document tree is shown below."
我已经进入存储桶并在收据存储桶上运行公开",但仍然没有运气.文件结构为:
I've gone into the bucket and run "Make Public" on the receipt bucket, still no luck. File structure is:
应用名称/上传/订单/收据
我需要做什么才能允许用户下载收据?
推荐答案
在 s3 上的特定文件中遇到了类似的问题.通过使用 mv 命令和 --acl 参数更改文件的访问权限解决了该问题.尝试访问名为 data.jsonlines 的文件会出现 ACCESS DENIED 错误.通过运行以下命令解决它:
Had a similar issue with a particular file on s3. Solved the issue by changing the access permissions of the file using the mv command and the --acl argument. Trying to access a file called data.jsonlines gave the ACCESS DENIED error. Solved it by running the following commands:
aws s3 cp s3://<s3 bucket name>/path/to/file/data.jsonlines s3://cfa-opengazettes-ke/gazettes/data_copy.jsonlines
aws s3 mv --acl public-read s3://<s3 bucket name>/path/to/file/data_copy.jsonlines s3://cfa-opengazettes-ke/gazettes/data.jsonlines
或者您可以通过运行组合它们:
Or you can combine them by running:
aws s3 cp s3://<s3 bucket name>/path/to/file/data_out.jsonlines s3://cfa-opengazettes-ke/gazettes/data_out2.jsonlines && aws s3 mv --acl public-read s3://cfa-opengazettes-ke/gazettes/data_out2.jsonlines s3://<s3 bucket name>/path/to/file/data_out.jsonlines
这些命令执行以下步骤:
These commands carry out the steps below:
复制:
s3://到/path/to/file/data.jsonlines s3://c/path/to/file/data_copy.jsonlines
移动:s3:// 到s3://cfa-opengazettes-ke/path/to/file/data.jsonlines
基本上,它会创建文件的副本,然后在移动过程中删除它,同时更改文件的权限.
Basically, it creates a copy of the file and then deletes it during the move while changing the permissions of the file.
注意 --acl 选项和参数 public-read.来自文档:
Note the --acl option and the argument public-read. From the documentation:
--acl (string) 在执行命令时设置对象的 ACL.如果使用此参数,则必须具有s3:PutObjectAcl"权限包含在您的操作列表中IAM 政策.只接受private、public-read、public-read-write、authenticated-read、aws-exec-read、bucket-owner-read、bucket-owner-full-control 和 log-delivery-write.
--acl (string) Sets the ACL for the object when the command is performed. If you use this parameter you must have the "s3:PutObjectAcl" permission included in the list of actions for your IAM policy. Only accepts values of private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control and log-delivery-write.
这篇关于“拒绝访问"- 用户对 S3 存储桶的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
