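I am trying to push an object from account A to account B. The destination bucket has
"Sid": "DenyUnEncryptedObjectUploads"
"s3:x-amz-server-side-encryption": "AES256", "aws:kms"
This is the bucket policy of the destination S3 bucket.
When I try to push the object using a Lambda function, it throws the following error:
An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied
I tried pushing the object with --sse aws:kms and/or --sse AES256 to the source account, to check whether the data reaches the destination, since it has the necessary server-side encryption.
Even then I get the same Access Denied error.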
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Full Access",
      "Effect": "Allow",
      "Principal": {"AWS": ["arn:aws:iam::111122223333:otheriam", "arn:aws:iam::444455556666:myrole"]},
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::destination-bucket/", "arn:aws:s3:::destination-bucket/*"]
    }
  ]
}
{
  "Statement": [
    {
      "Sid": "RequiredEncryptedPuObject",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::destination-bucket-name/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]
        }
      }
    }
  ]
}
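
An added example, not part of the original post: a local model of how the Deny statement above evaluates the `s3:x-amz-server-side-encryption` key of a write request (a CopyObject write to the destination is authorized as `s3:PutObject`). The helper names, the object key `report.csv` and the sample header values are constructed for illustration.

```python
# Added example: local model of the Deny statement's StringNotEquals check.
# Request contexts below are constructed sample input, not captured traffic.

DENY_STATEMENT = {
    "Sid": "RequiredEncryptedPuObject",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::destination-bucket-name/*",
    "Condition": {
        "StringNotEquals": {
            "s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]
        }
    },
}

def string_not_equals(allowed, context, key):
    """Negated operator: true when the key is absent or matches none of the values.
    The comparison is case-sensitive."""
    if isinstance(allowed, str):
        allowed = [allowed]
    value = context.get(key)
    return value is None or value not in allowed

def deny_applies(statement, action, resource, context):
    """Return True when the explicit Deny matches this request."""
    if statement["Effect"] != "Deny" or action != statement["Action"]:
        return False
    prefix = statement["Resource"].rstrip("*")  # only a trailing wildcard is modelled
    if not resource.startswith(prefix):
        return False
    conditions = statement["Condition"]["StringNotEquals"]
    return all(string_not_equals(v, context, k) for k, v in conditions.items())

def check(sse_header):
    """Evaluate a constructed write to the bucket carrying the given SSE header."""
    context = {}
    if sse_header is not None:
        context["s3:x-amz-server-side-encryption"] = sse_header
    return deny_applies(
        DENY_STATEMENT, "s3:PutObject",
        "arn:aws:s3:::destination-bucket-name/report.csv", context)

if __name__ == "__main__":
    for header in (None, "AES256", "aws:kms", "aes256"):
        verdict = "DENY" if check(header) else "not denied by this statement"
        print(f"SSE header {header!r}: {verdict}")
```

A request that carries no SSE header at all matches the Deny, and an explicit Deny overrides the `s3:*` Allow in the other statement.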