我正在学习AWS CLI,我尝试在S3中从本地文件夹复制到存储桶...所以当我输入命令时输出会返回下一个错误:
上传失败:./ lalala.txt到s3:// buecket_name /调用PutObject操作时发生错误(AccessDenied):拒绝访问
所以我正在搜索这个,互联网告诉我问题出在存储桶策略编辑器中,所以我尝试编辑策略,但是当我点击保存错误时:
Bucket Policy Editor:无法将策略解析为有效的JSON字符串
我的政策脚本:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets"
"Resource": "arn:aws:s3:::bucket-name*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::bucket-name"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::bucket-name/*"
}
]
}
_____更新_____:
所以小伙子们,我尝试更改添加“主体”的脚本,正如下面的人建议但错误继续:
无法将策略解析为有效的JSON字符串
当前脚本:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:Sao Paulo:X1X8XX6YYY16X:name-bucket*"
},
"Principal": {
"AWS": [
"arn:aws:iam::AWS-account-ID:root"
]
}
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::bucket-name"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::bucket-name/*"
}
]
}
那么伙计们,我做错了什么?
先谢谢了!
答案 0 :(得分:1)
答案 1 :(得分:0)
读取/写入特定存储桶的策略如下
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "S3Actions",
"Resource": [
"arn:aws:s3:::bucket-name/*",
"arn:aws:s3:::bucket-name"
],
"Action": [
"s3:DeleteObject",
"s3:PutBucketAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:Get*",
"s3:List*"
],
"Effect": "Allow"
}
]
}
此外,您可以使用Policy Simulator来选择策略,并尝试确保选择相应的操作来执行API调用,而不会出现任何问题。