我有具有特定用户访问权限的S3存储桶。现在,我正在尝试提交有关AWS的EMR工作。但这表明我的访问被拒绝。
我在这里做错了什么?
桶策略示例:
AUser:
Description: Name of the AUser
Type: String
BUser:
Description: Name of the BUser
Type: String
Resources:
MetadataBucketSecurity:
Type: AWS::S3::BucketPolicy
Properties:
Bucket:
Ref: MetadataBucket
PolicyDocument:
Version: '2012-10-17'
Statement:
-
Effect: Deny
NotPrincipal:
AWS:
- !Sub 'arn:aws:iam::${AWS::AccountId}:user/${AUser}'
- !Sub 'arn:aws:iam::${AWS::AccountId}:user/${BUser}'
Action:
- 's3:ListBucket'
- 's3:RestoreObject'
- 's3:ReplicateObject'
- 's3:PutObject'
- 's3:PutBucketNotification'
- 's3:PutBucketLogging'
- 's3:PutObjectTagging'
- 's3:DeleteObject'
- 's3:GetObjectAcl'
- 's3:GetObject'
- 's3:GetBucketLogging'
- 's3:GetBucketAcl'
- 's3:ListBucketByTags'
- 's3:GetObjectVersionAcl'
- 's3:GetBucketPolicy'
Resource:
- !Sub 'arn:aws:s3:::${Bucket}'
- !Sub 'arn:aws:s3:::${Bucket}/*'
Reason : S3 Service Error.
Caused by: com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied;