Question

我有一个全新的IAM用户，我想要上传＆amp;读取对我新创建的存储桶的访问权限 - import requests from bs4 import BeautifulSoup import re link = "http://python-data.dr-chuck.net/comments_42.html" reuest = requests.get(link) soup = BeautifulSoup(reuest.text,"lxml") soupl=soup.findAll("span", { "class" : "comments" }) sum=0 for item in soupl: sum = sum + int(item.text) print(sum)。

这是我现在用于我的用户的政策：

myapp

使用此政策，我可以登录控制台，我可以创建文件夹，我可以将图像上传到这些文件夹。

但是，当我尝试通过我的应用上传图片时，这就是我得到的：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::myapp"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::myapp/*"
            ]
        }
    ]
}

以下是我的CORS规则：

Excon::Errors::Forbidden at /jobs
Expected(200) <=> Actual(403 Forbidden)
excon.error.response
  :body          => "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0FF1D4848595DCFB</RequestId><HostId>+RrQvNFwV2hAcYPK3ZJJYzy5uiA7Aag0oc1Gpp3hENJ9lzJz453j8qJeLbdQ8jN4cc3ViRJ1lEg=</HostId></Error>"
  :cookies       => [
  ]
  :headers       => {
    "Connection"       => "close"
    "Content-Type"     => "application/xml"
    "Date"             => "Sat, 25 Jun 2016 18:54:24 GMT"
    "Server"           => "AmazonS3"
    "x-amz-id-2"       => "+R3ViRJ1lEg="
    "x-amz-request-id" => "0FF1DCFB"
  }
  :host          => "s3.amazonaws.com"
  :local_address => "192.168.1.102"
  :local_port    => 23456
  :path          => "/logos/company/logo/48/amped-logo.png"
  :port          => 443
  :reason_phrase => "Forbidden"
  :remote_ip     => "xx.xx.xxx.xxx"
  :status        => 403
  :status_line   => "HTTP/1.1 403 Forbidden\r\n"

这是我的<?xml version="1.0" encoding="UTF-8"?> <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <CORSRule> <AllowedOrigin>http://localhost:3000</AllowedOrigin> <AllowedMethod>HEAD</AllowedMethod> <AllowedMethod>GET</AllowedMethod> <AllowedMethod>PUT</AllowedMethod> <AllowedMethod>POST</AllowedMethod> <AllowedMethod>DELETE</AllowedMethod> <ExposeHeader>ETag</ExposeHeader> <AllowedHeader>*</AllowedHeader> </CORSRule> </CORSConfiguration>文件：

config/initializers/carrierwave.rb

可能导致此问题的原因以及如何解决？

Answer 1

我其实只是想出来了，这是一件小事。

我所要做的只是将"s3:PutObjectAcl"添加到我的政策中。

现在，我的政策看起来像这样：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::myapp"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::myapp/*"
            ]
        }
    ]
}

现在有效。

我从this answer获得了提示，这保存了我的培根。

针对新IAM用户的新创建的IAM内联策略的AWS S3 403 Forbidden Error

1 个答案: