我试图列出S3存储桶中的所有文件。但不断得到错误访问被拒绝。我想我在IAM用户中拥有必要的权限:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SID",
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketPolicy",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetLifecycleConfiguration",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTorrent",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts",
"s3:PutBucketAcl",
"s3:PutBucketCORS",
"s3:PutBucketLogging",
"s3:PutBucketNotification",
"s3:PutBucketPolicy",
"s3:PutBucketRequestPayment",
"s3:PutBucketTagging",
"s3:PutBucketVersioning",
"s3:PutBucketWebsite",
"s3:PutLifecycleConfiguration",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl",
"s3:RestoreObject"
],
"Resource": [
"arn:aws:s3:::bucket/*"
]
}
]
}
我是否授予对S3的完全访问权限(AmazonS3FullAccess策略),我可以列出对象。可能是什么问题?我想我只删除了在自定义策略中删除和创建存储桶的权限。
当我添加对同一政策的完全访问权限时:
"Action": [
"s3:*"
],
我仍然无法列出对象。但是使用当前权限,我可以上传和删除对象。
答案 0 :(得分:6)
刚刚找到答案!策略中允许的操作是正确的。问题在于package main
import (
"fmt"
"time"
)
func main() {
requests := make(chan int, 5)
close(requests)
limiter := time.Tick(time.Millisecond * 200)
for req := range requests {
<-limiter
fmt.Println("request", req, time.Now())
}
burstyLimiter := make(chan time.Time, 4)
for i := 0; i < 5; i++ {
burstyLimiter <- time.Now()
fmt.Println("adding to burstyLimiter")
}
}
。我正在使用它:
Resource但它似乎没有授予存储桶根目录权限。没有完全访问权限因此,为了使其有效,我们必须删除"Resource": [
"arn:aws:s3:::bucket/*"
]
,如下所示:
/现在它的工作就像一个魅力。
答案 1 :(得分:0)
我遇到了同样的问题。我正在使用两台机器,一台是创建了aws配置文件,我能够列出s3存储桶,但是在没有创建我的配置文件的第二台机器上,我使用的是Set-AWSCredential命令,我无法列出s3存储桶。我创建的时刻我能够访问s3 ls。