Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/amazon-s3/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon s3 S3写入访问被拒绝-存储桶需要不同的策略_Amazon S3_Acl - Fatal编程技术网
Fatal编程技术网
  • amazon-s3/
  • Amazon s3 S3写入访问被拒绝-存储桶需要不同的策略

Amazon s3 S3写入访问被拒绝-存储桶需要不同的策略

amazon-s3

Amazon s3 S3写入访问被拒绝-存储桶需要不同的策略,amazon-s3,acl,Amazon S3,Acl,当我尝试从本地开发人员机器上载到新创建的S3存储桶“开发人员映像”时,我遇到写访问错误。我发现我可以(并且已经能够)从本地运行的应用程序上传到S3 prod“image”bucket,但不能从同一环境上传到“dev image”。如果禁用“阻止所有公共访问”,则存储桶所有者可以列出和写入两个存储桶的对象。我必须特别向“dev image”bucket添加一个策略,以允许写访问(PutObject)。这两个桶肯定有些不同,但我看不出来。你知道去哪里找吗 以下是AWS S3上的策略: dev-ima

当我尝试从本地开发人员机器上载到新创建的S3存储桶“开发人员映像”时,我遇到写访问错误。我发现我可以(并且已经能够)从本地运行的应用程序上传到S3 prod“image”bucket,但不能从同一环境上传到“dev image”。如果禁用“阻止所有公共访问”,则存储桶所有者可以列出和写入两个存储桶的对象。我必须特别向“dev image”bucket添加一个策略,以允许写访问(PutObject)。这两个桶肯定有些不同,但我看不出来。你知道去哪里找吗

以下是AWS S3上的策略:

dev-image:

{
    "Version": "2012-10-17",
    "Id": "Policy1606066621241",
    "Statement": [
        {
            "Sid": "Allow all read",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::dev-image/*"
        },
        {
            "Sid": "Allow write from dev machine",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::dev-image/*",
             }
        }
    ]
}

image:

{
    "Version": "2012-10-17",
    "Id": "Policy1445028673753",
    "Statement": [
        {
            "Sid": "Allow all read",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::image/*"
        } 
   ]
}
这是表格代码:

<form class="form-horizontal" name="s3Form" action=<%= s3FormAction %> method="post" enctype="multipart/form-data">

    <fieldset>

        <input type="hidden" name="key" value="<%= imageFileName %>">
        <input type="hidden" name="AWSAccessKeyId" value="<%= S3AccessKeyId %>"> 
        <input type="hidden" name="acl" value="private"> 
        <input type="hidden" name="success_action_redirect" value="<%= s3SuccessAction %>">
        <input type="hidden" name="policy" value="<%= encPolicy %>" >
        <input type="hidden" name="signature" value="<%= signature %>" >
        <input type="hidden" name="Content-Type" value="image/jpeg">
您能展示一下您使用的代码或命令吗?我添加了策略和一些表单代码。我正在使用JSP,post to AWS将这些字段发送给它们,然后AWS将状态发回。问题是,相同的代码适用于映像bucket,而不适用于dev映像bucket,除非dev映像策略明确声明允许对象写入 
public static String encodeS3Policy(String s3SuccessAction, String bucket) throws Exception
    {
        String policy =
            "{\"expiration\": \"2040-01-01T00:00:00Z\"," +
              "\"conditions\": [" +
                (bucket==null || bucket.length()==0 ? "" : "{\"bucket\": \"" + bucket + "\"}," ) +
                "[\"starts-with\", \"$key\", \"\"]," +
                "{\"acl\": \"private\"}," +
                "{\"success_action_redirect\": \"" + s3SuccessAction + "\"}," +
                "[\"starts-with\", \"$Content-Type\", \"\"]," +
                "[\"content-length-range\", 0, 10485760]" +                                 // 10 MB max file up load
                "]" +
            "}";

        policy.replaceAll("\n","").replaceAll("\r","");


        // Encode the policy
        String encPolicy = Base64.getEncoder().encodeToString(policy.getBytes("UTF-8"));

        return encPolicy;
    }