Boto未能通過S3 IAM角色進行身份驗證

我有一個名爲Role1的角色。這個角色有以下政策適用於它。Boto未能通過S3 IAM角色進行身份驗證

我有一個ec2實例，它具有Role1的IAM角色。

當我嘗試conn.get_bucket（'fooo_udata'）時，我返回了403錯誤。

對此有何想法？

{ 
"Statement": [ 
{ 
    "Effect": "Allow", 
    "Action": ["s3:ListAllMyBuckets"], 
    "Resource": "arn:aws:s3:::*" 
}, 
{ 
    "Effect": "Allow", 
    "Action": ["s3:ListBucket","s3:GetBucketLocation","s3:*"], 
    "Resource": ["arn:aws:s3:::fooo_uadata/","arn:aws:s3:::fooo_uadata/*"] 
}, 
{ 
    "Effect": "Allow", 
    "Action": ["s3:PutObject","s3:GetObject","s3:DeleteObject"], 
    "Resource": ["arn:aws:s3:::fooo_uadata/","arn:aws:s3:::fooo_uadata/*"] 
} 
] 
}

來源

2013-07-12 bearrito

我不認爲你想在你的桶策略中包含「/」字符。因此，嘗試改變：

{ 
    "Effect": "Allow", 
    "Action": ["s3:ListBucket","s3:GetBucketLocation","s3:*"], 
    "Resource": ["arn:aws:s3:::fooo_uadata/","arn:aws:s3:::fooo_uadata/*"] 
},

要這樣：

{ 
    "Effect": "Allow", 
    "Action": ["s3:ListBucket","s3:GetBucketLocation","s3:*"], 
    "Resource": ["arn:aws:s3:::fooo_uadata","arn:aws:s3:::fooo_uadata*"] 
},

因爲你斗的名字是foo_uadata不foo_uadata/。

來源

2013-07-13 13:31:23 garnaat

Boto未能通過S3 IAM角色進行身份驗證

回答

相關問題