使用OpsCenter 5.1.0并尝试将S3添加为快照备份的位置。 AWS IAM对opscenter用户有哪些必要的权限?到目前为止,我有以下政策:
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::cassandra-bkup"
]
},
{
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::cassandra-bkup/*"
]
}
]
但备份仍然失败。在opscenterd.log中,可以看到以下错误:
WARN: Marking request af93899e-ae89-4ada-8b3b-ef93d0272d61 as failed: {'sstables': {'reporting_test': {u'cards': {'total_size': 9829, 'total_files': 6, 'done_files': 0, 'errors': [u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}', u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}', u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}', u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}', u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}', u'{:cause :unknown-destination-provider, :message "Specified provider unknown."}']},
等等。
然而,备份到本地服务器成功。
答案 0 :(得分:2)
经过一些反复试验,我发现以下政策有效
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketAcl"
],
"Resource": [
"arn:aws:s3:::prod-bkup"
]
},
{
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::prod-bkup/*"
]
}
]
}
编辑:添加s3:GetBucketAcl
作为必需的权限