Amazon s3 Boto无法通过S3 IAM角色进行身份验证
我有一个角色叫Role1。该角色应用了以下策略 我有一个ec2实例,其IAM角色为Role1 当我尝试conn.get_bucket('fooo_udata')时,返回403错误 有什么想法吗Amazon s3 Boto无法通过S3 IAM角色进行身份验证,amazon-s3,boto,amazon-iam,Amazon S3,Boto,Amazon Iam,我有一个角色叫Role1。该角色应用了以下策略 我有一个ec2实例,其IAM角色为Role1 当我尝试conn.get_bucket('fooo_udata')时,返回403错误 有什么想法吗 { "Statement": [ { "Effect": "Allow", "Action": ["s3:ListAllMyBuckets"], "Resource": "arn:aws:s3:::*" }, { "Effect": "Allow", "Action": ["s3:
{
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListAllMyBuckets"],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": ["s3:ListBucket","s3:GetBucketLocation","s3:*"],
"Resource": ["arn:aws:s3:::fooo_uadata/","arn:aws:s3:::fooo_uadata/*"]
},
{
"Effect": "Allow",
"Action": ["s3:PutObject","s3:GetObject","s3:DeleteObject"],
"Resource": ["arn:aws:s3:::fooo_uadata/","arn:aws:s3:::fooo_uadata/*"]
}
]
}
我认为您不想在bucket策略中包含“/”字符。因此,尝试改变:
{
"Effect": "Allow",
"Action": ["s3:ListBucket","s3:GetBucketLocation","s3:*"],
"Resource": ["arn:aws:s3:::fooo_uadata/","arn:aws:s3:::fooo_uadata/*"]
},
为此:
{
"Effect": "Allow",
"Action": ["s3:ListBucket","s3:GetBucketLocation","s3:*"],
"Resource": ["arn:aws:s3:::fooo_uadata","arn:aws:s3:::fooo_uadata*"]
},
因为您的bucket的名称是foo\u uadata
而不是foo\u uadata/