您如何允许授予对上载到AWS S3的对象的公共读取访问权限?
西普里亚尼
我创建了一个策略,该策略允许访问帐户中的单个S3存储桶。然后,我创建了一个仅包含此策略的组,并且该组中包含一个用户。
用户可以按预期查看,删除文件并将其上传到存储桶。但是,用户似乎无法授予公众对上载文件的读取访问权限。
选择授予对此对象的公共读取权限选项时,上传将失败。
该存储桶托管着一个静态网站,我想允许前端开发人员上传文件并将其公开。
用户角色的策略如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": "arn:aws:s3:::my-bucket"
},
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": "arn:aws:s3:::my-bucket/*"
}
]
}
This is what happens when the IAM user tries to grant public access to the uploaded file: 
The proxy error seems unrelated, but essentially the upload is stuck and nothing happens. If they don't select the Grant public access option, the upload goes through immediately (despite the proxy error showing up as well).
John Rotenstein
To reproduce your situation, I did the following:
- Created a new Amazon S3 bucket with default settings (Block Public Access = On)
- Created an IAM User (with no policies attached)
- Created an IAM Group (with no policies attached)
- Added the IAM User to the IAM Group
- Attached your policy (from the Question) to the IAM Group (updating the bucket name) as an inline policy
- Logged into the Amazon S3 management console as the new IAM User
At this point, the user received an Access Denied error because they were not permitted to list all Amazon S3 buckets. Thus, the console was not usable.
Instead, I ran this AWS CLI command:
aws s3 cp foo.txt s3://new-bucket/ --acl public-read
The result was:
An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
However, the operation succeeded with:
aws s3 cp foo.txt s3://new-bucket/
This means that the --acl is the component that was denied.
I then went to Block Public Access for the bucket and turned OFF the option called "Block public access to buckets and objects granted through new access control lists (ACLs)". My settings were:
I then ran this command again:
aws s3 cp foo.txt s3://new-bucket/ --acl public-read
It worked!
为了验证这一点,我回到了阻止公共访问并打开了所有选项(通过顶部的复选框)。我重新运行了该命令,它再次被拒绝访问,确认原因是“阻止公共访问”设置。
底线:关闭第一个“阻止公共访问”设置。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
编辑于
相关文章
TOP 榜单
- 1
Qt Creator Windows 10 - “使用 jom 而不是 nmake”不起作用
- 2
使用next.js时出现服务器错误,错误:找不到react-redux上下文值;请确保组件包装在<Provider>中
- 3
Swift 2.1-对单个单元格使用UITableView
- 4
SQL Server中的非确定性数据类型
- 5
如何避免每次重新编译所有文件?
- 6
Hashchange事件侦听器在将事件处理程序附加到事件之前进行侦听
- 7
在同一Pushwoosh应用程序上Pushwoosh多个捆绑ID
- 8
HttpClient中的角度变化检测
- 9
在 Avalonia 中是否有带有柱子的 TreeView 或类似的东西?
- 10
在Wagtail管理员中,如何禁用图像和文档的摘要项?
- 11
通过iwd从Linux系统上的命令行连接到wifi(适用于Linux的无线守护程序)
- 12
构建类似于Jarvis的本地语言应用程序
- 13
Camunda-根据分配的组过滤任务列表
- 14
如何了解DFT结果
- 15
Embers js中的更改侦听器上的组合框
- 16
ggplot:对齐多个分面图-所有大小不同的分面
- 17
使用分隔符将成对相邻的数组元素相互连接
- 18
PHP Curl PUT 在 curl_exec 处停止
- 19
您如何通过 Nativescript 中的 Fetch 发出发布请求?
- 20
错误:找不到存根。请确保已调用spring-cloud-contract:convert
- 21
应用发明者仅从列表中选择一个随机项一次
我来说两句