The profile I am using has AdministrationAccess.
The bucket is configured with the following policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "myPolicy",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "*",
      "Resource": [
        "arn:aws:s3:::bucket-name/*",
        "arn:aws:s3:::bucket-name"
      ]
    }
  ]
}
And under Grantee:
Everyone has all four actions.
I can't imagine a bucket more open than that, so why do I still get the error
A client error (AccessDenied) occurred when calling the PutObject operation: Access Denied
Answer 0: (score: 3)
Use this policy for full access to the bucket.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME/*"
    }
  ]
}
Answer 1: (score: 1)
According to the AWS S3 documentation examples, the specified resource URI should be a string, not an array, as long as it is not a wildcard.
"Resource": [
"*"
]
or
"Resource": "arn:aws:s3:::bucket-name/*"
Don't forget the trailing wildcard when specifying the URI.
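An added example, not part of the question or either answer: a small offline linter for the two kinds of policy shown on this page. It flags Allow statements that combine a public principal or a wildcard action (as in the question's policy) and statements where bucket-level or object-level actions are not paired with the matching ARN form (the split used in Answer 0). The action sets, finding names and the `MISMATCHED_POLICY` sample are assumptions constructed for illustration, and the ARN matching is a simplification.

```python
import json

# Constructed subsets of S3 actions, grouped by the resource type they act on.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject"}

def as_list(value):
    """Policy elements may be a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_public(principal):
    """True for "Principal": "*" or {"AWS": "*"} (including list forms)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS"))

def lint_policy(policy_json):
    """Return (statement_index, finding) tuples for the Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(as_list(stmt.get("Action")))
        resources = as_list(stmt.get("Resource"))
        if is_public(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append((i, "public-principal"))
        if actions & {"*", "s3:*"}:
            findings.append((i, "wildcard-action"))
        # Simplification: an ARN with "/" (or any wildcard) can match objects;
        # an ARN without "/" can match the bucket itself.
        covers_objects = any("/" in r or "*" in r for r in resources)
        covers_bucket = any("/" not in r for r in resources)
        if actions & OBJECT_ACTIONS and not covers_objects:
            findings.append((i, "object-action-without-object-arn"))
        if actions & BUCKET_ACTIONS and not covers_bucket:
            findings.append((i, "bucket-action-without-bucket-arn"))
    return findings

# The question's bucket policy, re-typed here as sample input.
QUESTION_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "myPolicy", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "*",
    "Resource": ["arn:aws:s3:::bucket-name/*", "arn:aws:s3:::bucket-name"]}]})
# Constructed sample: an object-level action attached only to the bucket ARN.
MISMATCHED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:ListBucket", "s3:PutObject"],
    "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME"}]})

if __name__ == "__main__":
    print(lint_policy(QUESTION_POLICY), lint_policy(MISMATCHED_POLICY))
```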