每当我尝试通过.NET应用程序访问amazon s3时,我都会拒绝访问。我有一个IAM用户,如果我使用他的凭据,它工作正常。但是,如果我使用其凭据创建联合用户,则生成的用户无法访问Amazon s3中的存储桶。需要注意的一点是,我没有在我的代码中为联合用户指定策略。我希望他拥有与IAM用户相同的访问级别。但是,如果我在代码中为策略指定值,则可以访问和列出存储桶。 有什么指针吗?
private static SessionAWSCredentials GetTemporaryFederatedCredentials(
string accessKeyId, string secretAccessKeyId)
{
var config = new AmazonSecurityTokenServiceConfig();
var stsClient =
new AmazonSecurityTokenServiceClient(
accessKeyId, secretAccessKeyId, config);
var federationTokenRequest =
new GetFederationTokenRequest();
federationTokenRequest.Name = "User1";
// federationTokenRequest.Policy =
// @"{
// ""Statement"":
// [
// {
// ""Action"":[""s3:ListAllMyBuckets""],
// ""Effect"":""Allow"",
// ""Resource"":""arn:aws:s3:::*""
// }
// ]
// }";
federationTokenRequest.DurationSeconds = 3600;
GetFederationTokenResponse federationTokenResponse =
stsClient.GetFederationToken(federationTokenRequest);
GetFederationTokenResult federationTokenResult =
federationTokenResponse.GetFederationTokenResult;
Credentials credentials = federationTokenResult.Credentials;
var sessionCredentials =
new SessionAWSCredentials(credentials.AccessKeyId,
credentials.SecretAccessKey,
credentials.SessionToken);
return sessionCredentials;
}
}
}