Amazon web services AWS cross-account access - invalid bucket policy issue
Tags: amazon-web-services, amazon-s3, aws-lambda

I am trying to grant cross-account access to an S3 bucket for use by a Lambda function. For this, I first tried to assign suitable bucket policies to the source and destination buckets based on the following link:
https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/

Source bucket policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DelegateS3Access",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::777777777:role/Staff"
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::source-bucktet-testing-lambda/*",
        "arn:aws:s3:::source-bucktet-testing-lambda"
      ]
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam:: 777777777:role/Staff"
    },
    "Action": [
      "s3:GetObject",
      "s3:PutObject",
      "s3:PutObjectAcl"
    ],
    "Resource": [
      "arn:aws:s3:::source-bucktet-testing-lambda/*",
      "arn:aws:s3:::source-bucktet-testing-lambda"
    ]
  }]
}
Destination policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DelegateS3Access",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::777777777:role/Staff"
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::source-bucktet-testing-lambda/*",
        "arn:aws:s3:::source-bucktet-testing-lambda"
      ]
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam:: 777777777:role/Staff"
    },
    "Action": [
      "s3:GetObject",
      "s3:PutObject",
      "s3:PutObjectAcl"
    ],
    "Resource": [
      "arn:aws:s3:::source-bucktet-testing-lambda/*",
      "arn:aws:s3:::source-bucktet-testing-lambda"
    ]
  }]
}
But on the destination bucket policy, I get "policy has invalid resource". Could you please help me with this?

Comment: Does the "destination policy" apply to the Lambda execution role?
Reply: Yes.

Answer:
You are correct, a bucket policy on the source bucket is not needed. Instead, the necessary permissions should be granted in the IAM role assigned to the AWS Lambda function.
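An added example, not code from the question or the answer above: a pre-flight check for a bucket policy, run against the destination policy as posted, together with the two policies the answer calls for (an identity policy on the Lambda execution role, and a bucket policy on the destination bucket in the other account). The cause of "policy has invalid resource" is that a bucket policy may only name the bucket it is attached to, and the posted destination policy names the source bucket; the stray space in the second block's principal ARN would be rejected as an invalid principal as well. The bucket name destination-bucket-testing-lambda, the account ID 111111111111, the role lambda-copy-role and the function names check_bucket_policy and cross_account_policies are assumptions made for this illustration.

```python
"""Validate S3 bucket policies for a cross-account copy before attaching them.

Added example, not code from the original question or answer. The bucket
names, the 12-digit account ID and the role name are assumptions.
"""
import re

# The only "AWS" principal forms a bucket policy accepts are an account root,
# an IAM user or an IAM role; account IDs are exactly 12 digits, no whitespace.
_IAM_PRINCIPAL = re.compile(r"^arn:aws:iam::\d{12}:(root|(user|role)/[\w+=,.@/-]+)$")


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def check_bucket_policy(bucket, policy):
    """Return a list of problems; an empty list means the policy can be attached to `bucket`.

    Covers the two errors S3 raises at PutBucketPolicy time: "Policy has
    invalid resource" (a Resource naming another bucket) and "Invalid
    principal in policy" (a principal ARN S3 cannot resolve).
    """
    problems = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for i, stmt in enumerate(policy.get("Statement", [])):
        sid = stmt.get("Sid", f"statement[{i}]")
        for res in _as_list(stmt.get("Resource")):
            # A bucket policy can only grant on the bucket it is attached to
            # and on keys inside it; arn:aws:s3:::other-bucket is rejected.
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                problems.append(f"{sid}: resource {res} does not belong to bucket {bucket}")
        principal = stmt.get("Principal")
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        for arn in aws_principals:
            if not _IAM_PRINCIPAL.match(arn):
                problems.append(f"{sid}: malformed principal {arn!r}")
    return problems


def cross_account_policies(source_bucket, dest_bucket, lambda_role_arn):
    """Build the two policies the answer calls for (hypothetical layout: the Lambda
    role and the source bucket share an account, the destination bucket is in another).

    Returns (identity policy for the Lambda execution role, bucket policy for the
    destination bucket). The source bucket gets no bucket policy at all.
    """
    role_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {   # read side: same account as the role, so the identity policy suffices
                "Sid": "ReadSource",
                "Effect": "Allow",
                "Action": ["s3:ListBucket", "s3:GetObject"],
                "Resource": [f"arn:aws:s3:::{source_bucket}", f"arn:aws:s3:::{source_bucket}/*"],
            },
            {   # write side: the role must also be allowed on its own side
                "Sid": "WriteDestination",
                "Effect": "Allow",
                "Action": ["s3:PutObject", "s3:PutObjectAcl"],
                "Resource": [f"arn:aws:s3:::{dest_bucket}/*"],
            },
        ],
    }
    # The destination account grants the same role on the destination bucket;
    # the Resource names the destination bucket, never the source one.
    dest_bucket_policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DelegateS3Access",
            "Effect": "Allow",
            "Principal": {"AWS": lambda_role_arn},
            "Action": ["s3:PutObject", "s3:PutObjectAcl"],
            "Resource": [f"arn:aws:s3:::{dest_bucket}/*"],
        }],
    }
    return role_policy, dest_bucket_policy


# The destination policy as posted in the question (second block), reproduced
# so the checker can report on it. Note the space inside the principal ARN.
POSTED_DESTINATION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam:: 777777777:role/Staff"},
        "Action": ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"],
        "Resource": [
            "arn:aws:s3:::source-bucktet-testing-lambda/*",
            "arn:aws:s3:::source-bucktet-testing-lambda",
        ],
    }],
}

if __name__ == "__main__":
    dest = "destination-bucket-testing-lambda"  # assumed name of the other account's bucket
    for problem in check_bucket_policy(dest, POSTED_DESTINATION_POLICY):
        print("posted:", problem)
    _, fixed = cross_account_policies(
        "source-bucktet-testing-lambda", dest, "arn:aws:iam::111111111111:role/lambda-copy-role")
    print("fixed:", check_bucket_policy(dest, fixed) or "no problems")
```

One caveat on the write side: objects that the Lambda role writes into the other account's bucket are owned by the writing account unless the destination bucket has Object Ownership set to "Bucket owner enforced" or the upload sets the bucket-owner-full-control canned ACL, which is why s3:PutObjectAcl is kept in both grants. Granting s3:ListBucket on the destination is unnecessary for a pure copy and is left out.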