Php AWS s3:上载文件时拒绝访问

我试图通过PHPSDK将一个文件上传到AWSS3存储桶，为此我创建了一个IAM用户并添加了一个内联策略

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::bucket/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::bucket/*"
        }
    ]
}

这是我的php代码

$s3 = new S3Client([
    'version' => 'latest',
    'region'  => 'ap-south-1',
    'credentials' =>
        array(
            'key'=>'X',
            'secret'  =>'X'
       )
]);

try {
    $s3->putObject([
        'Bucket' => 'candy-prototype',
        'Key'    => 'my-object.txt',
        'Body'   => fopen('test.txt', 'r'),
        'ACL'    => 'public-read',
    ]);
} catch (Aws\S3\Exception\S3Exception $e) {
    echo $e->getMessage();
    echo "There was an error uploading the file.\n";
}

但它将抛出拒绝访问异常

在上执行“PutObject”时出错https://s3..amazonaws.com/bucket/my-object.txt"; AWS HTTP 错误：客户端错误：

PUT
https://s3.ap-south-1.amazonaws.com/candy-prototype/my-object.txt

导致

403禁止

响应：AccessDeniedAccess DeniedC21D9D（截断…）访问被拒绝（客户端）：访问被拒绝- 访问拒绝访问 更新

已向

所有人授予读写权限，但该操作无效。
IAM用户可以从aws web adminpanel上传/删除/查看，但api访问被拒绝
ListBucket&GetBucketLocation应应用于bucket，而不是bucket/*
更改策略第一部分中的资源

{
        "Effect": "Allow",
        "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
        ],
        "Resource": "arn:aws:s3:::bucket"
    },

参考文件

{
        "Effect": "Allow",
        "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
        ],
        "Resource": "arn:aws:s3:::bucket"
    },