有什么主意,为什么尝试上传到我的S3存储桶时出现AccessDenied错误?
serverless.yml:
service: foo-service
custom:
bucket: my-bucket-name
provider:
name: aws
iamRoleStatements:
- Effect: Allow
Action:
- s3:PutObject
Resource: "arn:aws:s3:::${self:custom.bucket}/*"
functions:
hello:
handler: handler.hello
environment:
BUCKET: ${self:custom.bucket}
我正在尝试将具有public-read权限的文件添加到S3。
答案 0 :(得分:1)
仅凭s3:PutObject权限就可以将项目添加到S3存储桶中,但是,如果您配置了任何ACL属性,则需要附加权限s3:PutObjectAcl。
应该是这样的:
provider:
name: aws
iamRoleStatements:
- Effect: Allow
Action:
- s3:PutObject
- s3:PutObjectAcl
Resource: "arn:aws:s3:::${self:custom.bucket}/*"