AWS cross-account access: invalid bucket policy issue


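I am trying to grant cross-account access to an S3 bucket for use by a Lambda function. To do this, I first tried to assign appropriate bucket policies to the source and target buckets, based on the following link:

https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/

Source bucket policy: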

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DelegateS3Access",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::777777777:role/Staff"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::source-bucktet-testing-lambda/*",
                "arn:aws:s3:::source-bucktet-testing-lambda"
            ]
        }
    ]
}
Target policy:

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam:: 777777777:role/Staff"
        },
        "Action": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:PutObjectAcl"
        ],
        "Resource": [
            "arn:aws:s3:::source-bucktet-testing-lambda/*",
            "arn:aws:s3:::source-bucktet-testing-lambda"
        ]
    }]
}

But in the target bucket policy, the policy has an invalid resource. Could you help me with this?

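Is the "target policy" for the Lambda execution role?

Yes. You are right.

A bucket policy is not needed on the source bucket. Instead, the necessary permissions should be granted in the IAM role assigned to the AWS Lambda function.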
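The following is an added example, not part of the original question or answers. It is an offline pre-flight check that flags the two things S3 rejects in a bucket policy like the second one shown in the question: a `Resource` that names a bucket other than the one the policy is attached to, and a malformed principal ARN. The function name `lint_bucket_policy`, the finding codes and the bucket name `target-bucket-example` are assumptions made for illustration; only the `aws` partition is handled.

```python
import re

# Assumed shape of an "AWS" principal: a bare 12-digit account id or an IAM ARN.
# The page's sample account id is shorter than 12 digits, so the ARN form only
# requires digits with no whitespace.
PRINCIPAL_RE = re.compile(r"\d{12}|arn:aws:iam::\d+:(root|user/\S+|role/\S+)")

def as_list(value):
    """Policy fields may be a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def lint_bucket_policy(policy, attached_bucket):
    """Return (statement_index, code, value) findings for a bucket policy."""
    bucket_arn = "arn:aws:s3:::" + attached_bucket
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        # A bucket policy may only name its own bucket or keys inside it.
        for res in as_list(stmt.get("Resource", [])):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append((idx, "invalid-resource", res))
        # Principal ARNs must be well formed; stray whitespace breaks them.
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        for arn in as_list(aws):
            if arn != "*" and not PRINCIPAL_RE.fullmatch(arn):
                findings.append((idx, "invalid-principal", arn))
    return findings

# Constructed sample: the second policy from the question, checked as if it were
# attached to a hypothetical bucket named "target-bucket-example".
TARGET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam:: 777777777:role/Staff"},
        "Action": ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"],
        "Resource": [
            "arn:aws:s3:::source-bucktet-testing-lambda/*",
            "arn:aws:s3:::source-bucktet-testing-lambda",
        ],
    }],
}

if __name__ == "__main__":
    for finding in lint_bucket_policy(TARGET_POLICY, "target-bucket-example"):
        print(finding)
```

Running the same policy against `source-bucktet-testing-lambda` leaves only the principal finding, which shows that the resource error depends on which bucket the document is attached to.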