Amazon web services aws s3api放置桶网站-PutBucketWebsite操作:访问被拒绝
我正在尝试使用此命令设置静态网站宿主: aws s3api放桶网站——桶XXXX——网站配置file://assets/website.json website.jsonAmazon web services aws s3api放置桶网站-PutBucketWebsite操作:访问被拒绝,amazon-web-services,amazon-s3,aws-cli,Amazon Web Services,Amazon S3,Aws Cli,我正在尝试使用此命令设置静态网站宿主: aws s3api放桶网站——桶XXXX——网站配置file://assets/website.json website.json { "IndexDocument": { "Suffix": "index.html" }, "ErrorDocument": { "Key": "index.html" } } { "IndexDocument": { "Suffix"
{
"IndexDocument": {
"Suffix": "index.html"
},
"ErrorDocument": {
"Key": "index.html"
}
}
{
"IndexDocument": {
"Suffix": "index.html"
},
"ErrorDocument": {
"Key": "index.html"
}
}
桶策略
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::XXXX/*"
}
]
}
我得到了一个错误:
调用PutBucketWebsite操作时出错(AccessDenied):拒绝访问
我应该在桶策略中更改什么 您的bucket策略只允许您执行GET操作,但您希望执行PUT操作 正如您所提到的,您的IAM似乎具有管理员和完整的S3访问权限,但您没有特定存储桶的存储桶级别访问权限
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObject",
"s3:PutObject
],
"Resource": "arn:aws:s3:::XXXX/*"
},
{
"Sid": "AllowPutBucket",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::bucketname",
"arn:aws:s3:::bucketname/*"
]
}
]
}
此PUT操作需要S3:PutBucketWebsite的权限: 添加桶策略:
aws s3api put-bucket-policy \
--bucket XXXX \
--policy file://s3-bucket-policy.json
{
"Version": "2008-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::XXXX/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"S3:PutBucketWebsite"
],
"Resource": "arn:aws:s3:::XXXX"
}
]
}
s3 bucket policy.json:
aws s3api put-bucket-policy \
--bucket XXXX \
--policy file://s3-bucket-policy.json
{
"Version": "2008-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::XXXX/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"S3:PutBucketWebsite"
],
"Resource": "arn:aws:s3:::XXXX"
}
]
}
设置静态网站托管
aws s3api put-bucket-website \
--bucket XXXX \
--website-configuration file://website.json
website.json
{
"IndexDocument": {
"Suffix": "index.html"
},
"ErrorDocument": {
"Key": "index.html"
}
}
{
"IndexDocument": {
"Suffix": "index.html"
},
"ErrorDocument": {
"Key": "index.html"
}
}
PutBucketWebsite
是桶级操作,不是吗?您的策略仅适用于对象。我想我还需要bucket资源arn:aws:s3:::XXXX/
@alex067谢谢你的回答,但Marcin是对的。此PUT操作需要S3:PutBucketWebsite权限。您的IAM角色看起来像什么?@alex067我有管理员访问权限和AmazonS3FullAccess权限