Amazon ec2 s3cmd put失败,访问被拒绝
我正在尝试使用以下命令将一些文件从EC2实例复制到S3Amazon ec2 s3cmd put失败,访问被拒绝,amazon-ec2,amazon-s3,Amazon Ec2,Amazon S3,我正在尝试使用以下命令将一些文件从EC2实例复制到S3 s3cmd put datafile s3://mybucket/datafile 并得到以下错误 ERROR: S3 error: Access Denied 我有以下IAM政策 { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:*", "
s3cmd put datafile s3://mybucket/datafile
并得到以下错误
ERROR: S3 error: Access Denied
我有以下IAM政策
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:*",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Resource": "*"
}
]
}
mybucket的S3 Bucket策略
{
"Version": "2008-10-17",
"Id": "backupPolicy",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxxx:user/xxxx"
},
"Action": [
"s3:ListBucket",
"s3:PutObjectAcl",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::mybucket/*",
"arn:aws:s3:::mybucket"
]
}
]
}
我不确定我做错了什么<代码>s3cmd ls s3://mybucket工作正常
我尝试在SO上搜索此问题,但所有帖子基本上都要求您添加IAM策略,我已经有了。我认为除了列表之外,您还需要拥有IAM的写入权限:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:*",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Resource": "*"
},
{
"Sid": "Stmt1406613887001",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::mybucket",
"arn:aws:s3:::mybucket/*"
]
}
]
}
用户IAM策略需要读/写权限,而不仅仅是存储桶。AWS将始终应用限制性更强的策略,默认为隐式“拒绝” 我发现bucket策略更适合公众访问(即向世界提供资产),而不是限制委托人。当您开始组合bucket+用户策略时,会出现复杂情况,并且管理用户端通常会容易得多