CreateMultipartUpload 操作 - 需要 AWS 策略项目吗? [英] CreateMultipartUpload operation - AWS policy items needed?
本文介绍了CreateMultipartUpload 操作 - 需要 AWS 策略项目吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在通过 aws cli 控制台进行分段上传,但收到此错误;
I'm doing multipart upload via aws cli console but getting this error;
A client error (AccessDenied) occurred when calling the CreateMultipartUpload operation: Access Denied
以下是我的政策,我是否遗漏了什么?
Below is my policy, am I missing something in there?
谢谢.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::mybucket"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:CreateMultipartUpload",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::mybucket/*"
}
]
}
推荐答案
s3:PutObject"处理 CreateMultipartUpload 操作,所以我猜没有像s3:CreateMultipartUpload"这样的东西.
The "s3:PutObject" handles the CreateMultipartUpload operation so I guess there is nothing like "s3:CreateMultipartUpload".
您必须在 s3 存储桶 ARN 中更改的内容就像还要添加 "Resource": "arn:aws:s3::mybucket"
The thing you have to change in your s3 bucket ARN is like add also "Resource": "arn:aws:s3:::mybucket"
最终政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::mybucket"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::mybucket",
"arn:aws:s3:::mybucket/*"
]
}
]
}
这篇关于CreateMultipartUpload 操作 - 需要 AWS 策略项目吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文