Question

我正在使用名为Fog的Ruby Gem来访问S3而我正试图收紧权限。我正在做的一件事是：

storage.files.head（FILE_NAME）

这样获得存储：

storage = Fog :: Storage.new（AWS_CREDENTIALS）.directories.new（key：“bucket-name”）

遗憾的是，这个错误失败了：

#<Excon::Response:0x00000101aa8050 @data={:body=>"", :headers=>{"x-amz-request-id"=>"1BD5F221BD5F22", "x-amz-id-2"=>"rh9CJHBQW+1uY/Ajki/m1jzpYacyhrh9CJHBQW+1uY/Ajki/m1jzpYacyh", "Content-Type"=>"application/xml", "Transfer-Encoding"=>"chunked", "Date"=>"Wed, 13 Aug 2014 01:12:25 GMT", "Connection"=>"close", "Server"=>"AmazonS3"}, :status=>403, :remote_ip=>"178.178.178.178", :local_port=>58870, :local_address=>"10.0.0.1"}, @body="", @headers={"x-amz-request-id"=>"1BD5F221BD5F22", "x-amz-id-2"=>"rh9CJHBQW+1uY/Ajki/m1jzpYacyhrh9CJHBQW+1uY/Ajki/m1jzpYacyh", "Content-Type"=>"application/xml", "Transfer-Encoding"=>"chunked", "Date"=>"Wed, 13 Aug 2014 01:12:25 GMT", "Connection"=>"close", "Server"=>"AmazonS3"}, @status=403, @remote_ip="178.178.178.178", @local_port=58870, @local_address="10.0.0.1">

虽然此存储分区的权限政策是：

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action":[
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObject"],
      "Resource": ["arn:aws:s3:::bucket-name/*"]
    }
  ]
}

我缺少哪些权限或如何查找？

Answer 1

解决方案是向存储桶添加s3：ListBucket权限，如下所示：

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action":[
        "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::bucket-name"]
    },
    {
      "Effect": "Allow",
      "Action":[
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObject"],
      "Resource": ["arn:aws:s3:::bucket-name/*"]
    }
  ]
}

获取文件头所需的AWS S3权限是什么？

1 个答案: