I am trying to run a py script with a replication configuration, and I get an "ACCESS_DENIED" error when executing it.
Rrplication_configuration.py
import boto3

client = boto3.client('s3')
response = client.put_bucket_replication(
    Bucket='s3remotestaebackendbucket',
    ReplicationConfiguration={
        'Role': 'arn:aws:iam:::role/tf-iam-role-replication',
        'Rules': [
            {
                "ID": "abcd",
                'Prefix': '',
                'Status': 'Enabled',
                'Destination': {
                    'Bucket': 'arn:aws:s3:::s3remotestaebackendreplicationbucket',
                    'StorageClass': 'STANDARD'
                }
            },
        ]
    }
)
Error
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutBucketReplication operation: Access Denied
S3 role
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetReplicationConfiguration",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "${var.source_bucket_arn}"
      ]
    },
    {
      "Action": [
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl"
      ],
      "Effect": "Allow",
      "Resource": [
        "${var.source_bucket_arn}/*"
      ]
    },
    {
      "Action": [
        "s3:ReplicateObject",
        "s3:ReplicateDelete"
      ],
      "Effect": "Allow",
      "Resource": "${var.destination_bucket_arn}/*"
    }
  ]
}
IAM_USER_PASSROLE
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:GetRole",
        "iam:PassRole"
      ],
      "Resource": "arn:aws:iam:::role/tf-iam-role-replication"
    }
  ]
}
Can anyone help me resolve this error? Where am I going wrong? This sample code will contain Terraform variable declarations.
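
An added example, not part of the original post: a caller of PutBucketReplication needs `s3:PutReplicationConfiguration` on the source bucket as well as `iam:PassRole` on the replication role, so this offline check tests a caller's identity policies for both. It assumes the IAM_USER_PASSROLE document is the caller's only policy; the function names are hypothetical, and the evaluation is simplified (no `Condition`, `NotAction`/`NotResource`, bucket policies, SCPs, or permission boundaries).

```python
import fnmatch

# Constructed from the post: ARNs as posted (account ID left empty, as in the question).
ROLE_ARN = "arn:aws:iam:::role/tf-iam-role-replication"
SOURCE_BUCKET_ARN = "arn:aws:s3:::s3remotestaebackendbucket"

# The IAM_USER_PASSROLE policy from the post, assumed to be the caller's only policy.
CALLER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iam:GetRole", "iam:PassRole"],
        "Resource": ROLE_ARN,
    }],
}

# Permissions the caller of PutBucketReplication needs (S3 API documentation).
REQUIRED = [
    ("s3:PutReplicationConfiguration", SOURCE_BUCKET_ARN),
    ("iam:PassRole", ROLE_ARN),
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _statement_matches(stmt, action, resource):
    # Actions compare case-insensitively, resources case-sensitively; fnmatch
    # covers the IAM wildcards * and ? (it also treats [ ] specially, IAM does not).
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", []))
    return (any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions)
            and any(fnmatch.fnmatchcase(resource, r) for r in resources))

def is_allowed(policies, action, resource):
    """Simplified evaluation: an explicit Deny wins, otherwise any matching Allow."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if _statement_matches(stmt, action, resource):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed

def missing_permissions(policies, required=REQUIRED):
    """Return the (action, resource) pairs that no policy allows."""
    return [(a, r) for a, r in required if not is_allowed(policies, a, r)]

if __name__ == "__main__":
    print(missing_permissions([CALLER_POLICY]))
```

If the calling user has other attached policies, pass them in the same list before drawing a conclusion from the result.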