具有iam角色的AWS S3 Bucket Policy主体

时间:2016-08-16 22:48:36

标签: api amazon-web-services amazon-s3 policy bucket

我可以从AWS控制台添加IAM Role作为存储桶策略的主体。

我不能从Java API做同样的事情。当我将IAM角色添加到存储桶策略的主体并执行api操作时。我收到了以下错误。

Invalid principal in policy Service: Amazon S3

代码:

client.setBucketPolicy(BUCKET_NAME,
    new Policy().withStatements(new Statement(Effect.Allow)
                                            .withActions(S3Actions.GetObject, S3Actions.PutObject, S3Actions.GetObjectAcl)
                                            .withPrincipals(new Principal("AWS", "arn:aws:iam::12345678:role/ECR-ROLE"))
                                            .withResources(new S3ObjectResource(BUCKET_NAME, "*"))).toJson());

0 个答案:

没有答案