我正在尝试将文件从Amazon Server(EC2)上传到S3。
首先,我创建了一个名为" backup"的新IAM用户。我向该用户附加了托管策略" AmazonS3FullAccess"这应该足够了。此外,我添加了以下政策:
{
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::bucket", "arn:aws:s3:::bucket/*"]
}
]
}
我向用户添加了一个访问密钥。
我回到服务器,然后通过aws configure输入ID和访问密钥。
在S3存储桶配置用户" pinco.pallo" ("备份"是#34; pinco.pallo"的IAM)默认情况下拥有所有受让人,这应该足够了。此外,我尝试添加以下政策:
{
"Version": "2008-10-17",
"Id": "Policy1425416644138",
"Statement": [
{
"Sid": "Stmt1425416630319",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXXXX:user/backup"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket/*"
},
{
"Sid": "Stmt1425416630319",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXXXX:user/backup"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket"
}
]
}
aws s3 cp --sse --region eu-west-1 file s3://bucket/
我收到以下错误:
upload failed: ./file to s3://bucket/file A client error (AccessDenied) occurred when calling the PutObject operation: Access Denied
有人有想法吗?非常感谢你。
答案 0 :(得分:1)
是的 - 类似于@ peycho-dimitrov提到的,如果你想要cp和sync工作,你需要设置权限和资源,如下所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt20000",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:ListBucket",
"s3:ListObjects"
],
"Resource": [
"arn:aws:s3:::bucket-name/*",
"arn:aws:s3:::bucket-name"
],
"Effect": "Allow"
}
]
}
答案 1 :(得分:0)
尝试这种方式:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::mybackup",
"arn:aws:s3:::mybackup/*"
]
}
]
}