Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/amazon-s3/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services 不同的行为;aws s3 ls“;及;aws s3api列表对象“;_Amazon Web Services_Amazon S3_Bucket_Amazon Iam - Fatal编程技术网
Fatal编程技术网
  • amazon-web-services/
  • Amazon web services 不同的行为;aws s3 ls“;及;aws s3api列表对象“;

Amazon web services 不同的行为;aws s3 ls“;及;aws s3api列表对象“;

amazon-web-services amazon-s3

Amazon web services 不同的行为;aws s3 ls“;及;aws s3api列表对象“;,amazon-web-services,amazon-s3,bucket,amazon-iam,Amazon Web Services,Amazon S3,Bucket,Amazon Iam,我看到了aws s3 ls和aws s3api列表存储桶的不同行为 这是第一个: $ aws s3 ls s3://demo.for.customers Bucket: demo.for.customers Prefix: LastWriteTime Length Name ------------- ------ ---- PRE 5CE4D191-FD14-4C85-8146-9FB8C29B

我看到了aws s3 ls和aws s3api列表存储桶的不同行为

这是第一个:

$ aws s3 ls s3://demo.for.customers

Bucket: demo.for.customers
Prefix: 

      LastWriteTime     Length Name
      -------------     ------ ----
                           PRE 5CE4D191-FD14-4C85-8146-9FB8C29B7A7B/
                           PRE FFBC4675-F864-40E9-8AB8-BDF7A0437010/
因此,我可以列出bucket中的对象demo.for.customers

现在,当我使用s3api运行相同的东西时,我的访问被拒绝:

$ aws s3api list-objects --bucket demo.for.customers
A client error (AccessDenied) occurred: Access Denied
问题:为什么我通过s3api拒绝访问列出的对象

我提出这个问题的原因是,如果我使用AWS S3 Ruby SDK,我会遇到同样的问题

但是,当我使用aws s3 ls时,一切都很好

因此,AWS S3 Ruby SDK和AWS s3api表现出相同的行为。因此,我在这里仅粘贴aws s3api CLI的问题

顺便说一句,以下是已应用于运行上述所有命令的用户的IAM策略:

{
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::"
      ]
    },
    {
      "Action": [
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::demo.for.customers"
      ],
      "Condition": {
        "StringEquals": {
          "s3:prefix": [
            "",
            "FFBC4675-F864-40E9-8AB8-BDF7A0437010/"
          ],
          "s3:delimiter": [
            "/"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::demo.for.customers/FFBC4675-F864-40E9-8AB8-BDF7A0437010/"
      ]
    }
  ]
}
下面是产生完全相同错误的ruby代码

#!/usr/bin/ruby

require 'aws-sdk'
require 'awesome_print'
AWS.config( :access_key_id      => 'whatever', 
            :secret_access_key  => 'again whatever',
            :region             => 'us-west-2')

s3 = AWS.s3
buckets = s3.client.list_objects(:bucket_name => "demo.for.customers")
ap buckets
输出为:

# ruby s3policies.rb 
/var/lib/gems/1.9.1/gems/aws-sdk-1.14.1/lib/aws/core/client.rb:366:in `return_or_raise': Access Denied (AWS::S3::Errors::AccessDenied)
根据您定义的角色,对列表对象的调用需要前缀和分隔符

以下命令适用于您:

aws s3api list-objects --bucket demo.for.customers --prefix "" --delimiter "/"

aws s3api list-objects --bucket demo.for.customers --prefix ""

aws s3api list-objects --bucket demo.for.customers
如果删除ListBucket策略中的分隔符条件,则这将适用于您:

aws s3api list-objects --bucket demo.for.customers --prefix "" --delimiter "/"

aws s3api list-objects --bucket demo.for.customers --prefix ""

aws s3api list-objects --bucket demo.for.customers
如果您还删除了前缀条件,则这将适用于您:

aws s3api list-objects --bucket demo.for.customers --prefix "" --delimiter "/"

aws s3api list-objects --bucket demo.for.customers --prefix ""

aws s3api list-objects --bucket demo.for.customers
测试上述内容的一个好方法是复制您的角色策略并逐步删除条件,直到其按预期运行。

确保您运行此实用程序的位置(目录)设置了正确的权限

目录应该具有正确的所有权(所有者应该是运行此实用程序的用户,而不是root用户或任何其他用户),并且有足够的权限创建目录。

我今天早些时候遇到了这个问题。我转到我的bucket并选择了属性,将权限更改为“已验证的用户”,现在一切正常。这是错误的。您所需要的只是~/.aws/credentials中指定的凭据