我最不熟悉aws等。我们要做的是将一个小的war文件上传到s3 bucket using s3-bash和 PalletOps 。为此,我有一个配置为
的clojure配置文件(defpallet :default-service
:vmfest
:services {:localhost {:provider "localhost"}
:vmfest {:provider "vmfest"
:vbox-comm :ws
:default-network-type :local
:default-memory-size 1024
:default-local-interface "vboxnet5"}
:aws-ec2 {:provider "aws-ec2"
:identity "AAAAAAAAAAAAAAAAAAQ"
:credential "ATMz1/gerGGFHDh/GFGGFGFGFHFHFHGTUUTUgdgdgdg"}})
在aws上,我向该用户添加了IAM策略,
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iam:*",
"Resource": "*"
}
]
}
在尝试lein pallet up -P aws-ec2上面 config 的群集时,我收到以下错误,
Caused by: org.jclouds.aws.AWSResponseException: request POST
https://ec2.us-east-1.amazonaws.com/ HTTP/1.1 failed with code 403,
error: AWSError{requestId='c20a65f1-64a1-4d7f-be27-690d495ffd09',
requestToken='null', code='UnauthorizedOperation', message='You are not
authorized to perform this operation.', context='{Response=, Errors=}'}
at org.jclouds.aws.handlers.ParseAWSErrorFromXmlContent.handleError(ParseAWSErrorFromXmlContent.java:77)
... 77 more
Subprocess failed
我也在https://policysim.aws.amazon.com/home/index.jsp?#尝试了模拟,但即使没有采取行动也无法进行模拟" ListBucket"错误Implicitly denied (no matching statements found).。
我可能missing to configure on aws ec2但无法继续前进。
答案 0 :(得分:0)
我认为您可能需要IAM政策中的s3*条目:
以下是仅允许上传到特定文件夹的政策示例:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:*"
],
"Sid": "Stmt13NNNNNNNN000",
"Resource": [
"arn:aws:s3:::bucket-name/specific-folder/*"
],
"Effect": "Allow"
},
{
"Action": [
"s3:*"
],
"Sid": "StmtNNNNNNNNNNN",
"Resource": [
"arn:aws:s3:::bucket-name"
],
"Effect": "Allow"
}
]
}
在“高级用户”预建策略(如果可以的话)中排除这些权限问题也值得测试。