Amazon web services AWS Golang S3管理器上载:访问被拒绝
我使用S3上传管理器将一个大文件上传到S3Amazon web services AWS Golang S3管理器上载:访问被拒绝,amazon-web-services,go,amazon-s3,aws-lambda,terraform,Amazon Web Services,Go,Amazon S3,Aws Lambda,Terraform,我使用S3上传管理器将一个大文件上传到S3 if _, err := uploader.UploadWithContext(ctx, &s3manager.UploadInput{ Bucket: aws.String(s.Config.GetS3ExportBucket()), Key: aws.String(key), Body: bytes.NewReader(buf.B
if _, err := uploader.UploadWithContext(ctx, &s3manager.UploadInput{
Bucket: aws.String(s.Config.GetS3ExportBucket()),
Key: aws.String(key),
Body: bytes.NewReader(buf.Bytes()),
ContentEncoding: aws.String("gzip"),
ContentType: aws.String("application/json"),
}); err != nil {
return fmt.Errorf("failed to upload file, %w", err)
}
根据AWS文件,我也向我的lambda提供了权限
#Created Policy for IAM Role
resource "aws_iam_policy" "s3_write_policy" {
name = "${local.namespace}-s3-write-access"
description = "Allow Lambda to access s3 where back will be written"
policy = data.aws_iam_policy_document.s3_write_policy.json
}
data "aws_iam_policy_document" "s3_write_policy" {
statement {
sid = "WriteObjectActions"
effect = "Allow"
actions = [
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject",]
resources = [
aws_s3_bucket.db_export.arn]
}
}
但是,我一直从S3中收到拒绝访问的错误。您不仅需要提供对bucket的访问,还需要提供对bucket中所有对象的访问 试试这个政策
data "aws_iam_policy_document" "s3_write_policy" {
statement {
sid = "WriteObjectActions"
effect = "Allow"
actions = [
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject",]
resources = [
aws_s3_bucket.db_export.arn,
"${aws_s3_bucket.db_export.arn}/*"]
}
}
您不仅需要提供对bucket的访问,还需要提供对bucket中所有对象的访问 试试这个政策
data "aws_iam_policy_document" "s3_write_policy" {
statement {
sid = "WriteObjectActions"
effect = "Allow"
actions = [
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject",]
resources = [
aws_s3_bucket.db_export.arn,
"${aws_s3_bucket.db_export.arn}/*"]
}
}
如果看不到您输入的URL和资源字符串,就不可能看到您是正确的。替换敏感部分并用URL和资源字符串重新发布。如果看不到您要发布的URL和资源字符串,就不可能看到您是正确的。替换敏感部分并用URL和资源字符串重新发布。