我可以从AWS控制台添加IAM Role作为存储桶策略的主体。
我不能从Java API做同样的事情。当我将IAM角色添加到存储桶策略的主体并执行api操作时。我收到了以下错误。
Invalid principal in policy Service: Amazon S3
代码:
client.setBucketPolicy(BUCKET_NAME,
new Policy().withStatements(new Statement(Effect.Allow)
.withActions(S3Actions.GetObject, S3Actions.PutObject, S3Actions.GetObjectAcl)
.withPrincipals(new Principal("AWS", "arn:aws:iam::12345678:role/ECR-ROLE"))
.withResources(new S3ObjectResource(BUCKET_NAME, "*"))).toJson());