我创建了一个新的AWS IAM角色,并为其提供了以下策略(尝试遵循最小权限原则):
private static String extract_Digits_Stack(String inputString)
{
String[] arrString = new StringBuilder(inputString).reverse().toString().split("");
Stack<String> stack = new Stack<String>();
for(String input : arrString)
{
stack.push(input);
}
StringBuilder builder = new StringBuilder();
builder.append("your digits are: ");
for (int i = 0; i < inputString.length(); i++) {
if(i == inputString.length()-1) builder.append(" and ");
builder.append(stack.pop());
if(i < inputString.length()-2) builder.append(",");
}
return builder.toString();
}
使用{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1493050925000",
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::avatars-bus-com-development/avatar/*"
]
}
]
}
,我尝试使用以下命令行上传公共可读文件:
s3cmd当我这样做时,我收到来自S3的拒绝访问错误。
使用AWS CLI工具,我也收到了AccessDenied错误:
s3cmd put --public-acl --access_key AKIA... --secret_key "..." \
spec/fixtures/avatars/large-avatar.jpg \
s3://avatars-bus-com-development/avatar/00-55/inbb7ljt-2017-02-17-09-00-55/original.jpg
为了将公开可读的对象放在S3上,必须提供哪些其他操作?
答案 0 :(得分:1)
问题是由--acl public-read引起的,需要PutObjectAcl权限。 (如果你把它拿出来,它就可以了。)
因此,请将您的政策更新为:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::avatars-bus-com-development/avatar/*"
]
}
]
}