Amazon web services 403从S3调用对象时
我有两个aws账户。我想将对象从帐户A上传到帐户B中的S3存储桶。帐户B也应该能够访问这些对象Amazon web services 403从S3调用对象时,amazon-web-services,amazon-s3,devops,Amazon Web Services,Amazon S3,Devops,我有两个aws账户。我想将对象从帐户A上传到帐户B中的S3存储桶。帐户B也应该能够访问这些对象 我创建了一个S3 bucket,并给出了以下策略 { "Version": "2012-10-17", "Id": "Policy1533932697318", "Statement": [ { "Sid": "Stmt1533932695665", "Effect": "Allow", "
{
"Version": "2012-10-17",
"Id": "Policy1533932697318",
"Statement": [
{
"Sid": "Stmt1533932695665",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789123:root”
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bucket-b",
"arn:aws:s3:::bucket-b/*"
]
}
]
}
{
"Version": "2012-10-17",
"Id": "Policy1533932697318",
"Statement": [
{
"Sid": "Stmt1533932695665",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789123:root”
"arn:aws:iam::987654321321:root”
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bucket-b",
"arn:aws:s3:::bucket-b/*"
]
}
]
}
这是我的bucket_policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my_bucket/*"
}
]
}
解决了上述问题。问题是正在上载到bucket的对象的所有者。在将对象上载到s3时,我必须添加--acl“bucket owner full control”