Python EMR作业期间S3上的访问被拒绝_Python_Amazon Web Services_Amazon S3_Amazon Cloudformation_Amazon Iam

Python EMR作业期间S3上的访问被拒绝

python amazon-web-services amazon-s3 amazon-cloudformation

Python EMR作业期间S3上的访问被拒绝,python,amazon-web-services,amazon-s3,amazon-cloudformation,amazon-iam,Python,Amazon Web Services,Amazon S3,Amazon Cloudformation,Amazon Iam,我有具有特定用户访问权限的S3存储桶。现在我正试图提交aws上的EMR作业。但它显示我访问被拒绝我做错了什么桶策略示例： AUser: Description: Name of the AUser Type: String BUser: Description: Name of the BUser Type: String Resources: MetadataBucketS

我有具有特定用户访问权限的S3存储桶。现在我正试图提交aws上的EMR作业。但它显示我访问被拒绝

我做错了什么

桶策略示例：

  AUser:
    Description: Name of the AUser
    Type: String             
  BUser:
    Description: Name of the BUser
    Type: String                    
Resources:    
  MetadataBucketSecurity:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: 
        Ref: MetadataBucket 
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - 
            Effect: Deny
            NotPrincipal:
              AWS:
              - !Sub 'arn:aws:iam::${AWS::AccountId}:user/${AUser}'
              - !Sub 'arn:aws:iam::${AWS::AccountId}:user/${BUser}'
            Action: 
            - 's3:ListBucket'
            - 's3:RestoreObject'
            - 's3:ReplicateObject'
            - 's3:PutObject'
            - 's3:PutBucketNotification'
            - 's3:PutBucketLogging'
            - 's3:PutObjectTagging'
            - 's3:DeleteObject'
            - 's3:GetObjectAcl'
            - 's3:GetObject'
            - 's3:GetBucketLogging'
            - 's3:GetBucketAcl'
            - 's3:ListBucketByTags'
            - 's3:GetObjectVersionAcl'
            - 's3:GetBucketPolicy'
            Resource:
              - !Sub 'arn:aws:s3:::${Bucket}'
              - !Sub 'arn:aws:s3:::${Bucket}/*'

Reason : S3 Service Error.
Caused by: com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied;