Amazon web services 403从S3调用对象时

我有两个aws账户。我想将对象从帐户A上传到帐户B中的S3存储桶。帐户B也应该能够访问这些对象

我创建了一个S3 bucket，并给出了以下策略

{
    "Version": "2012-10-17",
    "Id": "Policy1533932697318",
    "Statement": [
        {
            "Sid": "Stmt1533932695665",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123456789123:root” 
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::bucket-b",
                "arn:aws:s3:::bucket-b/*"
            ]
        }
    ]
}

我在委托人中提供的账户是账户A。正如预期的那样，我能够从账户A中写入和读取数据

但是，当我试图从存储桶所在的帐户B读取数据时，出现了“致命错误：调用HeadObject操作时发生错误（403）：禁止”错误。

我还尝试在策略主体JSON中添加我的帐户B根帐户，但JSON对语法表示不满

请让我知道这个问题有什么解决方案

    {
        "Version": "2012-10-17",
        "Id": "Policy1533932697318",
        "Statement": [
            {
                "Sid": "Stmt1533932695665",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::123456789123:root”
                           "arn:aws:iam::987654321321:root”
                },
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::bucket-b",
                    "arn:aws:s3:::bucket-b/*"
                ]
            }
        ]
    }

---

这是我的bucket_policy.json

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": {
            "AWS": "*"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::my_bucket/*"
    }
]
}

---

解决了上述问题。问题是正在上载到bucket的对象的所有者。在将对象上载到s3时，我必须添加--acl“bucket owner full control”