I am trying to grant a specific user read/write access to a given bucket using the following bucket policy:
{
  "Id": "Policy1322043790167",
  "Statement": [
    {
      "Sid": "Stmt9999043784080",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::private_bucket/*",
      "Principal": {
        "AWS": [
          "arn:aws:iam::999903749999:user/my.username.under.my.aws.account"
        ]
      }
    }
  ]
}
As far as I can tell, it is very similar to the example at http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?AccessPolicyLanguage_UseCases_s3_a.html and I have followed what is documented at http://docs.amazonwebservices.com/IAM/latest/GettingStartedGuide/index.html?SetUpAdminsGroup.html
But it does not work. Using the user's AWS Key and Secret Key with the .NET SDK or with CloudBerry Explorer, I get an "Access Denied" error.
What am I missing?
The following is a snippet of the CloudBerry log for the attempted operation:
System.Net.WebException: The remote server returned an error: (403) Proibido.
   em System.Net.HttpWebRequest.GetResponse()
   em db.A(dD , Action`1 , HttpWebRequest , dW )
2011-11-23 08:36:10,505 [S3] [4] INFO - InternalListBucketCall started, bucket: secured_bucket, prefix: , marker: , maxkeys: 1, delimiter: /
2011-11-23 08:386:1 [S3] [4] ERROR - Http response status: 403: Forbidden
2011-11-23 08:36:11,390 [S3] [4] ERROR - Http response header: x-amz-request-id: 70941BB8654CE12E
2011-11-23 08:36:11,392 [S3] [4] ERROR - Http response header: x-amz-id-2: JssG1wXtZSjiGO8oVb9B46NNkn24TpZToD4u/KZAFaPBFBECF7YDMPnck
ERROR - Http response header: Transfer-Encoding: chunked
2011-11-23 08:36:11,396 [S3] [4] ERROR - Http response header: Content-Type: application/xml
2011-11-23 08:36:11,398 [S3] [4] ERROR - Http response header: Date: Wed, 23 Nov 2011 10:36:31 GMT
2011-11-23 08:36:11,400 [S3] [4] ERROR - Http response header: Server: AmazonS3
2011-11-23 08:36:11,402 [S3] [4] ERROR -
AccessDenied
Access Denied70941BB8654CE12EJssG1wXtZSjiGO8oVb9B46NNkn24TpZTo
2011-11-23 08:36:11,404 [S3] [4] ERROR - InternalListBucketCall failed for bucket: secured_bucket, prefix: , marker: , maxkeys: 1, delimiter: /
CloudBerryLab.Base.Exceptions.Status403Exception: Access Denied
2011-11-23 08:36:11,407 [UI] [4] ERROR - Operation completed with errors. Click Details for more information.
CloudBerryLab.Base.Exceptions.Status403Exception: Access Denied
   em kT.A(String , String , String , Int32 , String , FH )
   em kT.B(String , String )
   em kM.a(String , Boolean )
   em HW.a(String , Boolean )
   em HW.A(String )
   em CloudBerryLab.Explorer.Console.Controls.PluginArea.A(Object , DoWorkEventArgs )
2011-11-23 08:36:18,776 [Base] [11] INFO - PROCESSOR_ARCHITECTURE=x86
Answer 1
I am not an S3 expert, but have you tried granting it the ListAllMyBuckets permission? I ran into this when trying to access S3 with s3cmd from an EC2 instance: even though I had granted all permissions with :*, I still had to grant ListAllMyBuckets explicitly:
{
  "Sid": "Stmt1397683550000",
  "Effect": "Allow",
  "Action": [
    "s3:ListAllMyBuckets"
  ],
  "Resource": [
    "arn:aws:s3:::mybucketname"
  ]
}
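As an added example (not code from either post), a small Python policy checker that replays the two calls a client like CloudBerry makes, the InternalListBucketCall from the log (s3:ListBucket, matched against the bare bucket ARN) and then an object read (matched against `bucket/*`), against the policy from the question. It assumes standard IAM matching semantics with no Condition blocks; the user ARN comes from the question and the bucket name (secured_bucket) from the log.

```python
import fnmatch
import json

# Constructed copy of the question's policy, using the bucket name from the log.
USER = "arn:aws:iam::999903749999:user/my.username.under.my.aws.account"
POLICY = {"Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": [USER]},
    "Action": ["s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion",
               "s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"],
    "Resource": "arn:aws:s3:::secured_bucket/*",
}]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def is_allowed(policy, principal, action, resource):
    """Simplified policy evaluation: explicit Deny wins, a matching Allow grants,
    otherwise implicit deny. Conditions are ignored; '*' is an IAM-style wildcard."""
    allowed = False
    for st in policy["Statement"]:
        p = st.get("Principal", {})
        principals = ["*"] if p == "*" else _as_list(p.get("AWS", []))
        if "*" not in principals and principal not in principals:
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def check_client_flow(policy, principal, bucket, key):
    """Replay what a GUI client such as CloudBerry does: list the bucket (resource is
    the bare bucket ARN, no '/*'), then read an object under it."""
    bucket_arn = "arn:aws:s3:::" + bucket
    return {
        "s3:ListBucket": is_allowed(policy, principal, "s3:ListBucket", bucket_arn),
        "s3:GetObject": is_allowed(policy, principal, "s3:GetObject", bucket_arn + "/" + key),
    }

def add_list_bucket(policy, principal, bucket):
    """Copy of the policy with s3:ListBucket granted on the bucket ARN itself, which
    is the resource the failing InternalListBucketCall in the log is hitting."""
    fixed = json.loads(json.dumps(policy))
    fixed["Statement"].append({"Effect": "Allow", "Principal": {"AWS": [principal]},
                               "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::" + bucket})
    return fixed
```

Run against the posted policy, `check_client_flow` reports the listing call denied and the object read allowed, which matches the 403 on InternalListBucketCall in the log; with `add_list_bucket` applied both calls pass.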