在假定角色后尝试将对象放入另一个帐户的S3存储桶时,我看到以下错误。但是我能够列出桶下的所有对象。
" errorMessage":"调用时发生错误(AccessDenied) PutObject操作:访问被拒绝"," errorType":" ClientError",
botocore.exceptions.ClientError:发生错误(AccessDenied)时 调用PutObject操作:拒绝访问
代码
session_assumed = aws_session(role_arn=ROLE_ARN, session_name='my_lambda')
bucket = '<bucket name>'
bucket_resource = session_assumed.resource('s3').Bucket(bucket)
// The below works - able to read values from the bucket
for object in bucket_resource.objects.all():
print(' object value = {}'.format(object.key))
// the below does not work
bucket_resource.put_object(Key='<key>', Body=b'Hello World!')
我检查了其他帐户中存在的假定角色的政策文件,似乎提供了对s3的完全访问权限
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "<sid name>",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::<bucket name>-*"
}
]
}
编辑:工作代码
d0_bucket_resource.put_object(Key='<key>', Body=b'Hello World!',ServerSideEncryption='AES256')