Question

以下是我的权限：

此外，我将此作为存储桶策略：

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::manga-learn-data",
                "arn:aws:s3:::manga-learn-data/*"
            ]
        }
    ]
}

我在〜/ .aws / config文件中有这个：

[default]
region=us-west-2

这在我的〜/ .aws / credentials文件中：

[default]
aws_access_key_id = <access-key>
aws_secret_access_key = <secret-key>

现在我做了：

>>> import boto3
>>> s3 = boto3.resource('s3')
>>> s3.buckets.all()
s3.bucketsCollection(s3.ServiceResource(), s3.Bucket)
>>> for bucket in s3.buckets.all():
...         print(bucket.name)
...
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/alex/anaconda2/lib/python2.7/site-packages/boto3/resources/collection.py", line 83, in __iter__
    for page in self.pages():
  File "/Users/alex/anaconda2/lib/python2.7/site-packages/boto3/resources/collection.py", line 161, in pages
    pages = [getattr(client, self._py_operation_name)(**params)]
  File "/Users/alex/anaconda2/lib/python2.7/site-packages/botocore/client.py", line 262, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/alex/anaconda2/lib/python2.7/site-packages/botocore/client.py", line 552, in _make_api_call
    raise ClientError(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied

你看到那里的追溯。我按照这里的步骤进行操作：https://github.com/boto/boto3

有什么建议吗？

Answer 1

您的代码目前尝试列出所有存储桶，但IAM用户无权执行此操作。

您必须授予您对IAM用户的ListAllMyBuckets访问权限，例如：

    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "arn:aws:s3:::*"
    },

或者您需要更改代码以仅访问您感兴趣的存储桶：

bucket = s3.Bucket('manga-learn-data')
for object in bucket:
    # do whatever you need to do here

如何使用boto3访问存储桶

1 个答案: