Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/amazon-web-services/13.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/amazon-s3/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services 在S3上拒绝AWS EC2 IAM角色访问_Amazon Web Services_Amazon S3_Amazon Ec2_Amazon Iam - Fatal编程技术网
Fatal编程技术网

Amazon web services 在S3上拒绝AWS EC2 IAM角色访问

amazon-web-services amazon-s3 amazon-ec2

Amazon web services 在S3上拒绝AWS EC2 IAM角色访问,amazon-web-services,amazon-s3,amazon-ec2,amazon-iam,Amazon Web Services,Amazon S3,Amazon Ec2,Amazon Iam,我已经启动了一个具有IAM角色“webapp”的EC2实例。角色已附加,我可以使用 curl http://169.254.169.254/latest/meta-data/iam/security-credentials/webapp { "Code" : "Success", "LastUpdated" : "2016-01-04T06:44:50Z", "Type" : "AWS-HMAC", "AccessKeyId" : "xxx", "SecretAccessKe

我已经启动了一个具有IAM角色“webapp”的EC2实例。角色已附加,我可以使用

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/webapp
{
  "Code" : "Success",
  "LastUpdated" : "2016-01-04T06:44:50Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "xxx",
  "SecretAccessKey" : "xxx",
  "Token" : "xxx",
  "Expiration" : "2016-01-04T12:46:27Z"
}
webapp角色具有针对S3的附加策略

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}
但我无法访问S3上的对象。我正在使用aws php sdk

require_once 'vendor/autoload.php';
use Aws\S3\S3Client;

$client = S3Client::factory(array('region'  => 'us-west-2','version'=>'2006-03-01'));
  $result = $client->getObject(array(
    'Bucket' => 'test-bkt88767',
    'Key'    => "file.txt",
  ));
echo $result['Body'] . "\n";
我得到了403分

PHP Fatal error:  Uncaught exception 'Aws\S3\Exception\S3Exception' with message 'Error executing "GetObject" on "https://s3-us-west-2.amazonaws.com/test-bkt88767/file.txt"; AWS HTTP error: Client error: `GET https://s3-us-west-2.amazonaws.com/test-bkt88767/file.txt` resulted in a `403 Forbidden` response:
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>995F9A (truncated...)
 AccessDenied (client): Access Denied - <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>995F9AC51CC2164F</RequestId><HostId>JPKyfP1LBLW5ky2wH9t2CEjHrKT0tI9zgyXHU/qcJWvBoOwhK7O0dzl1wCjjzV58UhKZVHXvFFg=</HostId></Error>'
我也需要更改bucket权限吗?或者我的EC2配置有问题?

检查您在IAM中的webapp角色,它应该这样说:

{
    "Action": [
        "s3:ListBucket"
    ],
    "Resource": "arn:aws:s3:::your_bucket",
    "Effect": "Allow"
},
{
    "Action": [
        "s3:GetObject"
    ],
    "Resource": "arn:aws:s3:::your_bucket/*",
    "Effect": "Allow"
}

请检查是否有AWS密钥和访问ID配置给对S3 bucket没有正确访问权限的用户,或者您可以尝试使用另一个S3 API,我以前也遇到过同样的问题。

AWS php sdk是否自动使用实例角色?我在代码中没有看到任何对它的明确引用。请检查s3 bucket上的bucket策略,确保没有拒绝。