我正进入(状态:
调用 ListObjects 操作时发生错误 (AccessDenied):访问被拒绝
当我尝试从我的 S3 存储桶中获取文件夹时。
使用此命令:
aws s3 cp s3://bucket-name/data/all-data/ . --recursive
存储桶的 IAM 权限如下所示:
{ "Version": "version_id", "Statement": [ { "Sid": "some_id", "Effect": "Allow", "Action": [ "s3:*" ], "Resource": [ "arn:aws:s3:::bucketname/*" ] } ] }
copy我需要改变什么才能ls成功?
copy
ls
您已授予对 S3 存储桶内的对象执行命令的权限,但您未授予对存储桶本身执行任何操作的权限。
稍微修改您的策略将如下所示:
{ "Version": "version_id", "Statement": [ { "Sid": "some_id", "Effect": "Allow", "Action": [ "s3:*" ], "Resource": [ "arn:aws:s3:::bucketname", "arn:aws:s3:::bucketname/*" ] } ] }
但是,这可能会提供比所需更多的权限。遵循授予最小权限的 AWS IAM 最佳实践如下所示:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::bucketname" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::bucketname/*" ] } ] }
