我正在尝试将一些文件从ec2(linux)复制到s3 bucket.i将此政策附加到我的s3
{
"Version": "2012-10-17",
"Id": "Policy1487803543981",
"Statement": [
{
"Sid": "Stmt1487803541931",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::###234222###:user/Bilkishjain"
},
"Action": [
"s3:Get*",
"s3:*Multi*",
"s3:Put*"
],
"Resource": "arn:aws:s3:::<bucketname>/<filename>"
}
]
}
我做了配置并提供了访问密钥和访问ID。但是当我尝试使用此命令时:
aws s3 mv /home/ec2-user/temp/backup/*.tar.gz s3://s3-bucketname/testfolder/
它发出了这个错误:
sudo aws s3 mv /home/ec2-user/temp/backup/debugLogBackup_$(date +%F).tar.gz s3://s3-bucketname/testfolder/debugLogBackup_$(date +%F).tar.gz
move failed: backup/debugLogBackup_2017-02-22.tar.gz to s3://s3-bucketname/testfolder/debugLogBackup_2017-02-22.tar.gz
An error occurred (AccessDenied) when calling the CreateMultipartUpload operation: Access Denied
参数验证失败:
参数UploadId的类型无效,值:无,键入:,有效类型:
任何人都可以帮我解决这个错误吗?
答案 0 :(得分:1)
首先,如果您从本地目录到S3存储桶有moving个多个文件(具有特定扩展名),那么您的命令应该是这样的(使用exclude and include filters):
aws s3 mv /home/ec2-user/temp/backup/ s3://s3-bucketname/testfolder/ --recursive --exclude "*" --include "*.tar.gz"
您的政策"Resource"元素也存在问题。由于您要上传多个文件,因此它应采用以下格式(即使用通配符):"Resource": "arn:aws:s3:::s3-bucketname/testfolder/*"。
注意:虽然您可以在操作字符串中使用一个或多个通配符(*)(请参阅Specifying Resources in a Policy),但我强烈建议不要这样做。如果可能,最好使用显式权限。
您可以尝试以下政策:
{
"Version": "2012-10-17",
"Id": "Policy1487803543981",
"Statement": [
{
"Sid": "Stmt1487803541931",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::###234222###:user/Bilkishjain"
},
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::s3-bucketname/testfolder/*"
}
]
}