我目前正在Node中编写应用程序,该应用程序必须能够在存储桶中创建,删除和复制文件。创建和删除功能就像魅力一样,但问题在于' copyObject'功能(http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#copyObject-property)。它返回了一个错误,上面写着“拒绝访问”。
我做了一些研究并尝试了不同的Bucket策略,但似乎没有任何效果。这是我目前正在使用的政策:
{
"Version": "2008-10-17",
"Id": "Policy1458587151478",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*"
},
{
"Sid": "AllowPublicList",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucketname"
}
]
}
(其中bucketname是我的桶的名称)
我用来复制文件的代码是:
copyJson:function(creativeData, callback){
var s3 = new AWS.S3({params: {Bucket: 'bucketname'}});
var params = {
CopySource: 'json_files/' + creativeData.user_id + '/'+creativeData.old_id + '.json',
Key: 'json_files/' + creativeData.user_id + '/' + creativeData.new_id + '.json',
ACL: 'bucket-owner-full-control'
};
s3.copyObject(params, function(err, data) {
if (err) callback(err, null);
else callback(null, data);
});
}
错误是:
{
"message": "Access Denied",
"code": "AccessDenied",
"region": null,
"time": "2016-03-22T09:02:25.761Z",
"requestId": "45EE85638A6099DD",
"extendedRequestId": "ag6GzYUc5gyZ1AuNQXpcLEgMI/ry814fS5oG66JwU3+4EfEuwfmAY2vagXemAkAJWyMx9EgvQ/8=",
"statusCode": 403,
"retryable": false,
"retryDelay": 3.5066229524090886
}
我在这里找不到任何东西?
由于
答案 0 :(得分:0)
您的IAM角色只能访问GetObject和ListObject。在写入S3时,复制还需要PutObject。我认为这应该有效:
{
"Version": "2008-10-17",
"Id": "Policy1458587151478",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": ["s3:GetObject","s3:PutObject"],
"Resource": "arn:aws:s3:::bucketname/*"
},
{
"Sid": "AllowPublicList",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucketname"
}
]
}