git备份到aws失败了

时间:2017-11-21 16:45:46

标签: git amazon-web-services amazon-s3

我把 git 备份到 S3 时失败,返回 403 Forbidden 错误。我创建了名为 git 的 IAM 用户,并把策略附加到该用户(用户和策略都是用 Terraform 创建的),但仍然收到 403 Forbidden 错误,请帮忙看看。

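# Create IAM user policy
#
# Attaches the inline policy "bi-git-policy" to the IAM user referenced as
# aws_iam_user.gitlab (declared outside this snippet). The policy has three
# statements:
#   gitbucket       - account-wide bucket listing; s3:ListAllMyBuckets is only
#                     meaningful on Resource "*".
#   gitlistbucket   - bucket-level actions on the backup bucket ARN.
#   gitgetputbucket - object-level actions on the bucket's objects (ARN + "/*").
#
# s3:GetBucketAcl and s3:GetBucketLocation act on the bucket itself, so they
# are granted on the bucket ARN; listed only against the "/*" object ARN they
# never match and the call is denied. Whether that is the source of the 403 in
# this post cannot be told from the page; the denied API call should be
# identified first.
#
# NOTE(review): s3:PutObjectAcl / s3:GetObjectAcl allow this user to read and
# change object ACLs. Drop them if the backup client never sets ACLs; confirm
# against the tool's requirements.
# NOTE(review): "***" in the ARNs is as posted, presumably a redacted bucket
# name prefix.
resource "aws_iam_user_policy" "gitlab_policy" {
  name = "bi-git-policy"
  user = "${aws_iam_user.gitlab.name}"

  # The heredoc is sent to IAM as the policy document, so it must stay strict
  # JSON (no comments inside) and the closing EOF must start at column 0.
  policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "gitbucket",
        "Effect": "Allow",
        "Action": [
            "s3:GetBucketLocation",
            "s3:ListAllMyBuckets"
        ],
        "Resource": [ "*" ]
      },
      {
        "Sid": "gitlistbucket",
        "Effect": "Allow",
        "Action": [
            "s3:ListBucket",
            "s3:GetBucketAcl",
            "s3:GetBucketLocation"
        ],
        "Resource": ["arn:aws:s3:::***_${var.environment}"]
      },
      {
        "Sid": "gitgetputbucket",
        "Effect": "Allow",
        "Action": [
            "s3:PutObjectAcl",
            "s3:PutObject",
            "s3:GetObjectAcl",
            "s3:GetObject",
            "s3:ListMultipartUploadParts",
            "s3:AbortMultipartUpload"
        ],
        "Resource": ["arn:aws:s3:::***_${var.environment}/*"]
      }
    ]
}
EOF
}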

1 个答案:

答案 0 :(得分:1)

试试下面这个策略:

{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetBucketLocation",
                    "s3:ListAllMyBuckets"
                ],
                "Resource": "arn:aws:s3:::*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket"
                ],
                "Resource": [
                    "arn:aws:s3:::***_${var.environment}"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:PutObjectAcl"
                ],
                "Resource": [
                    "arn:aws:s3:::***_${var.environment}/*"
                ]
            }
        ]
    }