我正在尝试从我的S3存储桶中获取文件夹,但不知何故无法弄清楚它失败的原因。
我打电话
aws s3 cp s3://somebucket . --recursive
并获取
致命错误:调用时发生错误(AccessDenied) ListObjects操作:拒绝访问
如果我尝试使用同一个用户模拟这些操作
aws iam simulate-principal-policy --policy-source-arn arn:aws:iam::123324234234:user/user1 --action-names iam:ListBucket iam:GetObject iam:PutObject --resource-arns arn:aws:s3:::somebucket
它在任何地方删除Allowed
{
"EvaluationResults": [
{
"EvalActionName": "iam:ListBucket",
"EvalResourceName": "arn:aws:s3:::somebucket",
"EvalDecision": "allowed",
"MatchedStatements": [
{
"SourcePolicyId": "AdministratorAccess",
"StartPosition": {
"Line": 3,
"Column": 17
},
"EndPosition": {
"Line": 8,
"Column": 6
}
}
],
"MissingContextValues": []
},
{
"EvalActionName": "iam:GetObject",
"EvalResourceName": "arn:aws:s3:::somebucket",
"EvalDecision": "allowed",
"MatchedStatements": [
{
"SourcePolicyId": "AdministratorAccess",
"StartPosition": {
"Line": 3,
"Column": 17
},
"EndPosition": {
"Line": 8,
"Column": 6
}
}
],
"MissingContextValues": []
},
{
"EvalActionName": "iam:PutObject",
"EvalResourceName": "arn:aws:s3:::somebucket",
"EvalDecision": "allowed",
"MatchedStatements": [
{
"SourcePolicyId": "AdministratorAccess",
"StartPosition": {
"Line": 3,
"Column": 17
},
"EndPosition": {
"Line": 8,
"Column": 6
}
}
],
"MissingContextValues": []
}
]
}
我缺少什么?
这是我的政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::somebucket",
]
},
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::somebucket",
"arn:aws:s3:::somebucket/*",
]
}
]
}