我已經嘗試了幾乎所有可能的存儲桶策略。還嘗試向用戶添加策略,但每次嘗試使用AWS控制檯從s3存儲桶下載對象時,都會收到「拒絕訪問」。即使使用存儲桶和/或用戶策略,訪問在AWS s3存儲桶中被拒絕
桶政策:
{
"Version": "2012-10-17",
"Id": "MyPolicy",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12345678901011:user/my-username"
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::my-bucket/*"
]
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::my-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"XX.XXX.XXX.XXX/24",
"XXX.XXX.XXX.XXX/24"
]
}
}
}
]
}
這並不工作,所以我嘗試添加一個政策,我戶名:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "StmtXXXXXXXXXX",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::my-bucket/*"
]
}
]
}
你能列出通過控制檯的對象,但只是不下載它們?最初加載到桶中的對象是如何的?他們是通過CLI複製的嗎? –
@JohnRotenstein過程:應用程序在桶中放置一個對象。我刷新控制檯,我看到它出現。我選擇它並點擊「下載」。我得到了一個醜陋的網頁,說拒絕訪問。如果我通過控制檯手動上傳對象,我可以立即下載它。 – scottndecker