存储桶策略（Bucket policy）
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::123456784337:root",
"arn:aws:iam::123456784337:user/lambda-user"
]
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mybucket/*"
}
]
}
初始化
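// SDK configuration. Only the region belongs here: long-lived IAM access keys
// must never be embedded in client-side code, because anyone who loads the
// script can read them. The original also used `accessKey`, which is not an
// AWS.config option (the SDK key is `accessKeyId`), so the pair appears to have
// been ignored by the SDK while still leaking the secret into the bundle.
AWS.config.update({
  region: 'ap-southeast-1',
});
// Credentials come from the Cognito identity pool: callers get temporary
// credentials for the pool's IAM role, and it is that role's IAM policy
// (together with the bucket policy) that S3 evaluates on GetObject.
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
  IdentityPoolId: 'ap-southeast-1:12340000-5587-4d40-91fe-9fab5668c708'
});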
S3 getObject
function (bucketName, key) {
  // Fetch one object from S3 and resolve with the GetObject response.
  // The returned promise rejects with the SDK error (e.g. AccessDenied) when
  // the caller's credentials are not permitted; callers must attach a
  // rejection handler, otherwise Node reports an UnhandledPromiseRejectionWarning.
  const request = s3.getObject({
    Bucket: bucketName,
    Key: key,
  });
  const announce = function (data) {
    console.log('Successfully read from S3!');
    return data;
  };
  return request.promise().then(announce);
};
Cognito Unauthenticated 角色策略
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"lambda:InvokeFunction",
"mobileanalytics:PutEvents",
"dynamodb:Scan",
"lambda:InvokeAsync",
"cognito-sync:*"
],
"Resource": "*"
}
]
}
无法读取 S3。AccessDenied: Access Denied (node:73168) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): AccessDenied: Access Denied
仅当 Principal 为通配符（"*"）时才能成功，但不建议这样配置：通配符 Principal 会让该存储桶对任意匿名调用方开放读取。
答案 0 :(得分:0)
以下是用于从 S3 读取文件的存储桶策略。
{
"Id": "Policy1528709447655",
"Version": "2012-10-17",
"Statement": [{
"Sid": "Stmt1528709412334",
"Action": [
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:GetObjectTagging",
"s3:GetObjectAcl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::bucket_name",
"arn:aws:s3:::bucket_name/*"
],
"Principal": {
"AWS": [
"arn:aws:iam::123456784337:root",
"arn:aws:iam::487686674337:user/lambda-user"
]
}
}]
}