我有两个aws帐户。我想将对象从帐户A上传到驻留在帐户B中的S3存储桶。帐户B也应该能够访问这些对象。
我创建了一个S3存储桶,并提供了以下策略
{
"Version": "2012-10-17",
"Id": "Policy1533932697318",
"Statement": [
{
"Sid": "Stmt1533932695665",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789123:root”
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bucket-b",
"arn:aws:s3:::bucket-b/*"
]
}
]
}
我在委托人中提供的帐户是帐户A。正如预期的那样,我能够从帐户A中写入和读取数据。
但是我收到“致命错误:调用HeadObject操作时发生错误(403):禁止”错误当我尝试从存储桶中驻留的帐户B中读取数据时。
我还尝试将我的帐户B根帐户添加到策略主体JSON中抱怨语法。
请告知我该问题是否有解决方案。
{
"Version": "2012-10-17",
"Id": "Policy1533932697318",
"Statement": [
{
"Sid": "Stmt1533932695665",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789123:root”
"arn:aws:iam::987654321321:root”
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bucket-b",
"arn:aws:s3:::bucket-b/*"
]
}
]
}
答案 0 :(得分:0)
这是我的bucket_policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my_bucket/*"
}
]
}