我正在尝试使用AWS Machine学习SDK创建数据源。起初我将csv数据文件也上传到S3存储器。然后我更新此文件的存储桶策略。只有在我尝试创建数据源但我收到错误之后:
失败(1):您无权访问's3://training-data/input/test-likes.csv'。联系's3://training-data/input/test-likes.csv'的所有者以获取读取权限。
还需要哪些权限?
这是我的保管政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AmazonML_s3:ListBucket",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::831986290820:user/pavel.emsow",
"Service": "machinelearning.amazonaws.com"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::trainig-data",
"Condition": {
"StringLike": {
"s3:prefix": [
"input/common-likes.csv*",
"input/test-likes.csv*"
]
}
}
},
{
"Sid": "AmazonML_s3:GetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::831986290820:user/pavel.emsow",
"Service": "machinelearning.amazonaws.com"
},
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::trainig-data/input/common-likes.csv*",
"arn:aws:s3:::trainig-data/input/test-likes.csv*"
]
}
]
}
答案 0 :(得分:0)
尝试从S3数据源创建ML模型时遇到此错误。除了我的(类似)存储桶策略之外,我还必须修改调用机器学习API时使用的IAM角色。我将完全访问S3策略附加到IAM角色,并且调用成功。完全访问策略可能过于宽泛,可能会将其减少为S3只读并仍然可以使呼叫成功。