尝试访问S3存储桶以获取其中的文件列表时,出现“访问被拒绝”错误,尽管我认为我设置正确。我正在终端中使用 node script.js 在本地运行脚本。
这里有什么问题吗?
我不确定应该给哪个池ID:联合身份池ID或创建IAM角色时创建的池ID。如果更改为联合身份池ID,则错误将变为“ CredentialsError:配置中缺少凭据”,而不是AccessDenied。
如果我
const AWS = require('aws-sdk');
AWS.config.region = 'us-east-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:213hd23-23blah7'
});
const s3 = new AWS.S3();
var params = {
Bucket: 'blah_bucket' // input bucket
}
var allKeys = [];
listAllKeys();
function listAllKeys() {
s3.listObjectsV2(params, function (err, data) {
if (err) {
console.log(err, err.stack); // an error occurred
} else {
var contents = data.Contents;
contents.forEach(function (content) {
allKeys.push(content.Key);
});
if (data.IsTruncated) {
params.ContinuationToken = data.NextContinuationToken;
console.log("get further list...");
listAllKeys();
}
}
});
}
IAM角色的内联策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:ListBucketMultipartUploads",
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::blah_bucket/*"
}
]
}