受保护的存储桶@S3-访问被拒绝

tag-icon tag-icon amazon-web-services amazon-s3 cloudberry
受保护的存储桶@S3-访问被拒绝

我正在尝试使用以下存储桶策略向特定用户授予对给定存储桶的 RW 访问权限:

{
  "Id": "Policy1322043790167",
  "Statement": [
    {
      "Sid": "Stmt9999043784080",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::private_bucket/*",
      "Principal": {
        "AWS": [
          "arn:aws:iam::999903749999:user/my.username.under.my.aws.account"
        ]
      }
    }
  ]
}

据我所知,它与以下示例非常相似http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?AccessPolicyLanguage_UseCases_s3_a.html我已经按照http://docs.amazonwebservices.com/IAM/latest/GettingStartedGuide/index.html?SetUpAdminsGroup.html

但它不起作用。使用 .NET SDK 或 CloudBerry Explorer 的用户 AWS 密钥和密钥,我得到了“拒绝访问”错误。

我错过了什么?

以下日志是Cloudberry尝试的操作日志的片段:

System.Net.WebException 远程服务器已纠正错误:(403) 禁止。在 System.Net.HttpWebRequest.GetResponse() 中在 db.A(dD、Action`1、HttpWebRequest、dW) 中

2011-11-23 08:36:10,505 [S3] [4] INFO - InternalListBucketCall 启动,存储桶:secured_bucket,前缀:,标记:,maxkeys:1,分隔符:/ 2011-11-23 08:36:11,388 [S3] [4] 错误 - Http 响应状态:403:禁止 2011-11-23 08:36:11,390 [S3] [4] 错误 - Http 响应标头:x-amz-request-id: 70941BB8654CE12E 2011-11-23 08:36:11,392 [S3] [4] 错误 - Http 响应标头:x-amz-id-2: JssG1wXtZSjiGO8oVb9B46NNkn24TpZToD4u/KZAFaPBFBECF7YDMPnckVpyhaDE 2011-11-23 08:36:11,394 [S3] [4] 错误 - Http 响应标头:Transfer-Encoding: chunked 2011-11-23 08:36:11,396 [S3] [4] 错误 - Http 响应标头:Content-Type: application/xml 2011-11-23 08:36:11,398 [S3] [4] 错误 - Http 响应标头:日期:2011 年 11 月 23 日,星期三 10:36:31 GMT 2011-11-23 08:36:11,400 [S3] [4] 错误 - Http 响应标头:服务器:AmazonS3 2011-11-23 08:36:11,402 [S3] [4] 错误 - AccessDenied访问被拒绝70941BB8654CE12EJssG1wXtZSjiGO8oVb9B46NNkn24TpZToD4u/KZAFaPBFBECF7YDMPnckVpyhaDE 2011-11-23 08:36:11,404 [S3] [4] 错误 - InternalListBucketCall 失败,存储桶:secured_bucket,前缀:,标记:,maxkeys:1,分隔符:/CloudBerryLab.Base.Exceptions.Status403Exception 访问被拒绝

2011-11-23 08:36:11,407 [UI] [4] 错误 - 操作完成但出现错误。单击“详细信息”获取更多信息。CloudBerryLab.Base.Exceptions.Status403Exception 访问被拒绝 em kT.A(String , String , String , Int32 , String , FH ) em kT.B(String , String ) em kM.a(String , Boolean ) em HW.a(String , Boolean ) em HW.A(String ) em CloudBerryLab.Explorer.Console.Controls.PluginArea.A(Object , DoWorkEventArgs )

2011-11-23 08:36:18,776 [基本] [11] 信息 - PROCESSOR_ARCHITECTURE=x86

答案1

我不是 s3 专家,但你试过给它 ListAllMyBuckets 权限吗?当我尝试使用 s3cmd 从 ec2 实例访问 s3 时遇到了这个问题,尽管我使用 :* 授予了所有权限,但我必须明确授予 ListAllMyBuckets 权限:

"Sid": "Stmt1397683550000",
  "Effect": "Allow",
  "Action": [
    "s3:ListAllMyBuckets"
  ],
  "Resource": [
    "arn:aws:s3:::mybucketname"
  ]

相关内容