我在我的水桶上尝试这些policy到console.aws.amazon.com:
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::itnighq",
"Condition": {}
},
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectAclVersion"
],
"Resource": "arn:aws:s3:::itnighq/*",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
}
]
}
但是我收到此错误消息: 策略具有无效操作 - s3:ListAllMyBuckets 它似乎不喜欢“资源”:“*”,我也尝试使用** arn:aws:s3 ::: ****,但它不起作用任
任何人都有任何线索?
答案 0 :(得分:14)
正如zdev所提到的,你需要为IAM做这件事。转到IAM console并导航至用户>权限>内联政策>创建>自定义,然后输入:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
答案 1 :(得分:9)
我想通了自己。它需要在IAM中完成,而不是在S3本身......
答案 2 :(得分:2)
@dnlbrky您需要通过为IAM用户/组/角色设置策略来执行此操作,并通过使用适用于IAM用户/组的AWS控制台或通过调用put_ [role / user / group] _policy进行设置boto API调用。
答案 3 :(得分:0)
任何人遇到相同的问题:
S3存储桶Policy Actions与IAM policy actions不同。
可以引用https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html中的s3操作。
或尝试以下操作
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],