5
我想列出我S3存儲桶中的所有文件。但不斷得到錯誤訪問被拒絕。我想我已經在我的IAM用戶必要的權限:可以上傳文件,但不能列出S3存儲桶對象。獲取訪問被拒絕的錯誤
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SID",
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketPolicy",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetLifecycleConfiguration",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTorrent",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts",
"s3:PutBucketAcl",
"s3:PutBucketCORS",
"s3:PutBucketLogging",
"s3:PutBucketNotification",
"s3:PutBucketPolicy",
"s3:PutBucketRequestPayment",
"s3:PutBucketTagging",
"s3:PutBucketVersioning",
"s3:PutBucketWebsite",
"s3:PutLifecycleConfiguration",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl",
"s3:RestoreObject"
],
"Resource": [
"arn:aws:s3:::bucket/*"
]
}
]
}
是我給予完全訪問S3,(AmazonS3FullAccess政策),我可以列出的對象。什麼可能是這個問題?我想我只刪除了在自定義策略中刪除和創建桶的權限。
當我添加的完全訪問權限相同的策略:
"Action": [
"s3:*"
],
我仍然無法列出的對象。但有了當前的權限,我可以上傳和刪除對象。
是的,列出存儲桶的內容需要獲得存儲桶本身的許可。上傳也一樣,所以你可以上傳很奇怪。順便說一句,你不需要桶名後的'*'。 –
@JohnRotenstein啊謝謝你的解釋!我將嘗試不使用'*':-) – THpubs
請注意,「arn:aws:s3 ::: bucket *」將匹配所有以bucket開頭的桶(即bucketABC)。 – LukaszQr