Amazon web services Can';t使用来自EC2实例的IAM角色访问S3 bucket
我正在尝试使用PHPSDK(在EC2实例上)从私有S3存储桶下载一个文件 我创建了一个IAM角色,并将Amazon web services Can';t使用来自EC2实例的IAM角色访问S3 bucket,amazon-web-services,amazon-s3,Amazon Web Services,Amazon S3,我正在尝试使用PHPSDK(在EC2实例上)从私有S3存储桶下载一个文件 我创建了一个IAM角色,并将AmazonS3FullAccess附加到该角色 我创建了S3存储桶,这是存储桶策略: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::206193043625:role/MyRoleName
AmazonS3FullAccess
附加到该角色
我创建了S3存储桶,这是存储桶策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::206193043625:role/MyRoleName"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::config-files/*"
}
]
}
然后在PHP端,我向http://169.254.169.254/latest/meta-data/iam/security-credentials/MyRoleName
,我得到一个JSON返回,实例化S3Client并尝试下载它,但我收到以下错误消息:
在“”上执行“GetObject”时出错;AWS HTTP错误:客户端错误:GEThttps://files.s3.us-west-2.amazonaws.com/us-west-2__config.php
导致403禁止响应:
拒绝访问
拒绝访问C84D80(截断…)拒绝访问(客户端):拒绝访问-
拒绝访问
拒绝访问C84D80DE6B2D35FD6SDWIYK98NSH+Oa8lBH7lD91rfHospDeo0jZKFDdo0CaeY8aX6Wb/s2ja5qeYxCBuLwDJ2AqSl0=
有人能给我指个方向吗?没有必要直接访问169.254.169.254
。AWS SDK for PHP将自动检索凭据
只需在不指定任何凭据的情况下创建S3客户端。因为您已经为EC2实例提供了AmazonS3FullAccess角色,所以不需要执行任何其他操作(即访问元数据api)。直接访问您的S3客户端&它将按照您的计算实例的预期工作。要从EC2实例访问S3 Bucket,请执行以下步骤:
* Create an IAM Role with S3 Full Access.
* Launch an EC2 instance with the role attached to it.
* SSH to your EC2 instance with root permissions.
* Type the command: aws s3 ls. It will display all the buckets which are there in S3.
由于该角色已附加到EC2实例,因此无需提及安全凭据
谢谢