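AWS: botocore.exceptions.ClientError: An error occurred (AccessDenied)

Time: 2020-09-23 16:55:26

Tags: amazon-web-services boto3 amazon-iam botocore

I am running some jobs in AWS Batch. I have brought the .aws credentials file and config file into each container.

This is the code I am trying to run.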

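import boto3

# Resource and client both use the default credential chain
s3 = boto3.resource('s3')
session = boto3.Session()
client = session.client('s3')

# List the objects under the given prefix
dse_input_s3_objects = client.list_objects(
    Bucket='mybucket',
    Prefix='mypath/'
)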

When I run the code locally there are no problems, but when I try to run it in Batch I get the following error:

botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

I am using the following Batch service role

https://docs.aws.amazon.com/batch/latest/userguide/service_IAM_role.html

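One thing to note is that in Batch I am using a conda environment, so I am not sure whether this could cause any problems accessing the credentials? However, reading the error, it seems the credentials were found successfully.

Any ideas as to why this doesn't work? Do I need to add something to the Batch service role?

Edit:

Here is my bucket policy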

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListPermission",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::XXXXXXXXX:root"
            },
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::mybucket"
        },
        {
            "Sid": "GetPermission",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::XXXXXXXXXX:root"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket/*"
        },
        {
            "Sid": "PutPermission",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::XXXXXXXXX:root"
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::mybucket/*"
        }
    ]
}

0 answers:

No answers
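
One check that applies to an AccessDenied on ListObjects like the one above: the call is authorized by `s3:ListBucket` on the bucket ARN itself, not on `mybucket/*`, so a policy scoped only to object ARNs leaves it implicitly denied. This is an added example, not part of the original question; the two job-role policies and the `evaluate` helper are constructed for illustration, and the evaluator is a simplified model that skips statements using Condition, NotAction or NotResource.

```python
import re

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one character.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    flags = re.S | (re.I if ignore_case else 0)
    return re.fullmatch(rx, value, flags) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def evaluate(policy, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request.

    Simplified model: only Effect/Action/Resource are evaluated; statements
    using Condition, NotAction or NotResource are skipped.
    """
    allowed = False
    for st in _as_list(policy["Statement"]):
        if st.keys() & {"Condition", "NotAction", "NotResource"}:
            continue
        # Action names compare case-insensitively, resource ARNs case-sensitively.
        hit = (any(_matches(a, action, ignore_case=True) for a in _as_list(st["Action"]))
               and any(_matches(r, resource) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit deny overrides any allow
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return "Allow" if allowed else "ImplicitDeny"

BUCKET = "arn:aws:s3:::mybucket"

# Constructed job-role policy: every action is scoped to object ARNs only.
OBJECTS_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": BUCKET + "/*"}]}

# Constructed counterpart: ListBucket on the bucket ARN, GetObject on its keys.
BUCKET_AND_OBJECTS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": BUCKET},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": BUCKET + "/*"}]}

if __name__ == "__main__":
    for name, pol in (("objects-only", OBJECTS_ONLY), ("bucket+objects", BUCKET_AND_OBJECTS)):
        print(name, "ListBucket ->", evaluate(pol, "s3:ListBucket", BUCKET))
```
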