Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/amazon-web-services/12.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services AWS Golang S3管理器上载:访问被拒绝_Amazon Web Services_Go_Amazon S3_Aws Lambda_Terraform - Fatal编程技术网
Fatal编程技术网

Amazon web services AWS Golang S3管理器上载:访问被拒绝

amazon-web-services go amazon-s3 aws-lambda terraform

Amazon web services AWS Golang S3管理器上载:访问被拒绝,amazon-web-services,go,amazon-s3,aws-lambda,terraform,Amazon Web Services,Go,Amazon S3,Aws Lambda,Terraform,我使用S3上传管理器将一个大文件上传到S3 if _, err := uploader.UploadWithContext(ctx, &s3manager.UploadInput{ Bucket: aws.String(s.Config.GetS3ExportBucket()), Key: aws.String(key), Body: bytes.NewReader(buf.B

我使用S3上传管理器将一个大文件上传到S3

if _, err := uploader.UploadWithContext(ctx, &s3manager.UploadInput{
        Bucket:          aws.String(s.Config.GetS3ExportBucket()),
        Key:             aws.String(key),
        Body:            bytes.NewReader(buf.Bytes()),
        ContentEncoding: aws.String("gzip"),
        ContentType:     aws.String("application/json"),
    }); err != nil {
        return fmt.Errorf("failed to upload file, %w", err)
    }
根据AWS文件,我也向我的lambda提供了权限

#Created Policy for IAM Role
resource "aws_iam_policy" "s3_write_policy" {
  name        = "${local.namespace}-s3-write-access"
  description = "Allow Lambda to access s3 where back will be written"
  policy      = data.aws_iam_policy_document.s3_write_policy.json
}

data "aws_iam_policy_document" "s3_write_policy" {
  statement {
    sid       = "WriteObjectActions"
    effect    = "Allow"
    actions   = [
      "s3:AbortMultipartUpload",
      "s3:GetObject",
      "s3:ListBucket",
      "s3:ListBucketMultipartUploads",
      "s3:PutObject",]
    resources = [
      aws_s3_bucket.db_export.arn]
  }
}
但是,我一直从S3中收到拒绝访问的错误。

您不仅需要提供对bucket的访问,还需要提供对bucket中所有对象的访问

试试这个政策

data "aws_iam_policy_document" "s3_write_policy" {
  statement {
    sid       = "WriteObjectActions"
    effect    = "Allow"
    actions   = [
      "s3:AbortMultipartUpload",
      "s3:GetObject",
      "s3:ListBucket",
      "s3:ListBucketMultipartUploads",
      "s3:PutObject",]
    resources = [
      aws_s3_bucket.db_export.arn,
      "${aws_s3_bucket.db_export.arn}/*"]
  }
}
您不仅需要提供对bucket的访问,还需要提供对bucket中所有对象的访问

试试这个政策

data "aws_iam_policy_document" "s3_write_policy" {
  statement {
    sid       = "WriteObjectActions"
    effect    = "Allow"
    actions   = [
      "s3:AbortMultipartUpload",
      "s3:GetObject",
      "s3:ListBucket",
      "s3:ListBucketMultipartUploads",
      "s3:PutObject",]
    resources = [
      aws_s3_bucket.db_export.arn,
      "${aws_s3_bucket.db_export.arn}/*"]
  }
}
如果看不到您输入的URL和资源字符串,就不可能看到您是正确的。替换敏感部分并用URL和资源字符串重新发布。如果看不到您要发布的URL和资源字符串,就不可能看到您是正确的。替换敏感部分并用URL和资源字符串重新发布。