Amazon S3: S3 write access denied - bucket needs a different policy
I am getting a write access error when I try to upload from my local dev machine to a newly created S3 bucket, "dev-image". I found that I can (and have been able to) upload to the S3 prod "image" bucket from the locally running application, but not to "dev-image" from the same environment. With "Block all public access" disabled, the bucket owner can list and write objects for both buckets. I had to specifically add a policy to the "dev-image" bucket to allow write access (PutObject). There must be something different between the two buckets, but I can't see it. Any idea where to look? Here are the policies on AWS S3:
dev-image:
{
"Version": "2012-10-17",
"Id": "Policy1606066621241",
"Statement": [
{
"Sid": "Allow all read",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::dev-image/*"
},
{
"Sid": "Allow write from dev machine",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::dev-image/*",
}
}
]
}
image:
{
"Version": "2012-10-17",
"Id": "Policy1445028673753",
"Statement": [
{
"Sid": "Allow all read",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::image/*"
}
]
}
Here is the form code:
<form class="form-horizontal" name="s3Form" action="<%= s3FormAction %>" method="post" enctype="multipart/form-data">
<fieldset>
<input type="hidden" name="key" value="<%= imageFileName %>">
<input type="hidden" name="AWSAccessKeyId" value="<%= S3AccessKeyId %>">
<input type="hidden" name="acl" value="private">
<input type="hidden" name="success_action_redirect" value="<%= s3SuccessAction %>">
<input type="hidden" name="policy" value="<%= encPolicy %>" >
<input type="hidden" name="signature" value="<%= signature %>" >
<input type="hidden" name="Content-Type" value="image/jpeg">
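Can you show the code or command you are using?
I added the policies and some of the form code. I am using JSP; the form posts these fields to AWS, and AWS then sends the status back. The problem is that the same code works for the image bucket but not for the dev-image bucket, unless the dev-image policy explicitly states that object writes are allowed.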
import java.util.Base64;

public static String encodeS3Policy(String s3SuccessAction, String bucket) throws Exception
{
    // Build the POST policy document that S3 checks the form fields against
    String policy =
        "{\"expiration\": \"2040-01-01T00:00:00Z\"," +
        "\"conditions\": [" +
        (bucket==null || bucket.length()==0 ? "" : "{\"bucket\": \"" + bucket + "\"}," ) +
        "[\"starts-with\", \"$key\", \"\"]," +
        "{\"acl\": \"private\"}," +
        "{\"success_action_redirect\": \"" + s3SuccessAction + "\"}," +
        "[\"starts-with\", \"$Content-Type\", \"\"]," +
        "[\"content-length-range\", 0, 10485760]" + // 10 MB max file upload
        "]" +
        "}";
    // Strings are immutable, so the result of replaceAll must be assigned back
    policy = policy.replaceAll("\n","").replaceAll("\r","");
    // Base64-encode the policy for the form's "policy" field
    String encPolicy = Base64.getEncoder().encodeToString(policy.getBytes("UTF-8"));
    return encPolicy;
}
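An added example, not part of the original post: a Python check that flags bucket-policy statements granting write actions to every principal, which is what the "Allow write from dev machine" statement above does if it carries no Condition. The sample policies are constructed from the two in the question (the dev-image one assumes no Condition block), and all function names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# Concrete S3 actions that change bucket contents or permissions.
WRITE_ACTIONS = ("s3:putobject", "s3:putobjectacl", "s3:deleteobject",
                 "s3:putbucketpolicy")

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_everyone(principal):
    # "*" and {"AWS": "*"} both mean any caller, signed or anonymous.
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"

def public_write_statements(policy_json):
    """Return (Sid, write actions, has Condition) for every Allow statement
    that grants a write action to all principals."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_everyone(stmt.get("Principal")):
            continue
        # Action values may be wildcards such as "s3:Put*" or "s3:*".
        hits = [a for a in as_list(stmt.get("Action", []))
                if any(fnmatchcase(w, a.lower()) for w in WRITE_ACTIONS)]
        if hits:
            findings.append((stmt.get("Sid"), hits, "Condition" in stmt))
    return findings

def stmt(sid, action, bucket):  # helper for the constructed samples below
    return {"Sid": sid, "Effect": "Allow", "Principal": "*",
            "Action": action, "Resource": f"arn:aws:s3:::{bucket}/*"}

# Constructed samples modelled on the two policies in the question; the
# dev-image one is assumed to carry no Condition block.
DEV_IMAGE = json.dumps({"Version": "2012-10-17", "Statement": [
    stmt("Allow all read", "s3:GetObject", "dev-image"),
    stmt("Allow write from dev machine", "s3:PutObject", "dev-image")]})
IMAGE = json.dumps({"Version": "2012-10-17", "Statement": [
    stmt("Allow all read", "s3:GetObject", "image")]})

if __name__ == "__main__":
    for name, doc in (("dev-image", DEV_IMAGE), ("image", IMAGE)):
        for sid, actions, conditioned in public_write_statements(doc):
            scope = "limited by a Condition" if conditioned else "open to anyone"
            print(f"{name}: '{sid}' allows {actions} for Principal * ({scope})")
```

A statement reported with a Condition still needs its condition keys reviewed; the flag only records that one is present.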