我对s3的git备份失败,出现403 forbidden错误。我创建了名为git的IAM用户并将策略附加到用户,用户和策略是使用terraform创建的,但我收到403禁止错误,请帮助
# Create IAM user policy
resource "aws_iam_user_policy" "gitlab_policy" {
name = "bi-git-policy"
user = "${aws_iam_user.gitlab.name}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid" : "gitbucket",
"Effect": "Allow",
"Action": [
"s3:GetBucketlocation",
"s3:ListAllMyBuckets"
],
"Resource": [ "*" ]
},
{
"Sid" : "gitlistbucket",
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::***_${var.environment}"]
},
{
"Sid" : "gitgetputbucket",
"Effect": "Allow",
"Action": [
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:PutObjectAcl",
"s3:PutObject",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": ["arn:aws:s3:::***_${var.environment}/*"]
}
]
}
EOF
答案 0 :(得分:1)
尝试此政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::***_${var.environment}"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::***_${var.environment}/*"
]
}
]
}