I am running some jobs in AWS Batch. I have brought the .aws credentials file and config file into each container.
This is the code I am trying to run.
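    import boto3

    s3 = boto3.resource('s3')
    # Default session: credentials are resolved through boto3's provider chain
    session = boto3.Session()
    client = session.client('s3')
    # ListObjects on the bucket, restricted to keys under the prefix
    dse_input_s3_objects = client.list_objects(
        Bucket='mybucket',
        Prefix='mypath/'
    )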
When I run the code locally there is no problem, but when I try to run it in Batch I get the following error:
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied
I am using the following Batch service role:
https://docs.aws.amazon.com/batch/latest/userguide/service_IAM_role.html
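One thing to note is that in Batch I am using a conda environment, so I'm not sure whether that could cause any problems with accessing the credentials? However, from reading the error, it seems the credentials have been found successfully.
Any ideas on why this isn't working? Do I need to add something to the Batch service role?
Edit:
Here is my bucket policy: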
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListPermission",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::XXXXXXXXX:root"
                },
                "Action": [
                    "s3:GetBucketLocation",
                    "s3:ListBucket"
                ],
                "Resource": "arn:aws:s3:::mybucket"
            },
            {
                "Sid": "GetPermission",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::XXXXXXXXXX:root"
                },
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::mybucket/*"
            },
            {
                "Sid": "PutPermission",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::XXXXXXXXX:root"
                },
                "Action": [
                    "s3:PutObject",
                    "s3:PutObjectAcl"
                ],
                "Resource": "arn:aws:s3:::mybucket/*"
            }
        ]
    }
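
One way to check which identity the job is actually calling S3 as, and whether that identity's account is one the bucket policy above names for `s3:ListBucket` (the action ListObjects requires). This is an added example, not code from the original post; `SAMPLE_POLICY`, the account id `111111111111` and the helper names are constructed placeholders.

```python
import json
import re

# Constructed sample with the same shape as the bucket policy above.
SAMPLE_POLICY = json.loads("""{"Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
  "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
  "Resource": "arn:aws:s3:::mybucket"}]}""")

ARN_RE = re.compile(r"^arn:aws[\w-]*:(iam|sts)::(\d{12}):(.+)$")

def parse_caller_arn(arn):
    """Split an IAM/STS caller ARN into account, kind and name."""
    m = ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not an IAM/STS ARN: {arn!r}")
    kind, _, rest = m.group(3).partition("/")
    # For assumed-role ARNs keep the role name and drop the session name.
    return {"account": m.group(2), "kind": kind,
            "name": rest.split("/")[0] if rest else kind}

def allowed_accounts(policy, action):
    """Account ids whose root principal gets `action` from an Allow statement."""
    accounts = set()
    for st in policy["Statement"]:
        acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if st["Effect"] != "Allow" or action not in acts:
            continue
        pr = st["Principal"].get("AWS", []) if isinstance(st["Principal"], dict) else []
        for p in ([pr] if isinstance(pr, str) else pr):
            m = ARN_RE.match(p)
            if m and m.group(3) == "root":
                accounts.add(m.group(2))
    return accounts

def report(caller_arn, policy, action="s3:ListBucket"):
    who = parse_caller_arn(caller_arn)
    who["account_in_policy"] = who["account"] in allowed_accounts(policy, action)
    return who

if __name__ == "__main__":
    import boto3  # only needed when run inside the job container
    session = boto3.Session()
    # e.g. 'shared-credentials-file', 'env', 'container-role', 'iam-role'
    print("credential source:", session.get_credentials().method)
    arn = session.client("sts").get_caller_identity()["Arn"]
    print(report(arn, SAMPLE_POLICY))
```

The check only compares the caller's account with the accounts named in the policy; it does not evaluate any IAM policy attached to the user or role.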