我正在尝试将图像上传到我的S3 Bucket。但我收到了";AccessDenied:请求时拒绝访问。extractError";错误Dev NodeJS服务器正在EC2实例中运行。令人惊讶的是,当我在localhost中运行服务器时,上传图像功能可以正常工作。在本地服务器和开发服务器中使用相同的凭据。IAM用户同时具有管理员和AmazonS3FullAccess权限。S3 Bucket没有任何策略,并且Bucket中的对象可以是公共的。
这是我上传图片的NodeJS代码。
const AWS = require('aws-sdk');
AWS.config.update({
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
region: process.env.AWS_REGION
});
const S3 = new AWS.S3();
uploadImage: async (title, file, mime) => {
return await S3.upload({
Bucket: process.env.AWS_S3_IMAGES,
Key: title,
Body: file,
ACL: "public-read",
ContentType: mime
}).promise()
},
这就是我收到的错误。
AccessDenied: Access Deniedn at Request.extractError (/home/ec2-user/backend/node_modules/aws-sdk/lib/services/s3.js:700:35)n at Request.callListeners(/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:106:20)n at Request.emit (/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:78:10)n at Request.emit (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:688:14)n at Request.transition (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:22:10)n at AcceptorStateMachine.runTo (/home/ec2-user/backend/node_modules/aws-sdk/lib/state_machine.js:14:12)n at /home/ec2-user/backend/node_modules/aws-sdk/lib/state_machine.js:26:10n at Request. <anonymous> (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:38:9)n at Request.<anonymous> (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:690:12)n at Request.callListeners (/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:116:18)n at Request.emit (/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:78:10)n at Request.emit (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:688:14)n at Request.transition (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:22:10)n at AcceptorStateMachine.runTo (/home/ec2-user/backend/node_modules/aws-sdk/lib/state_machine.js:14:12)n at /home/ec2-user/backend/node_modules/aws-sdk/lib/state_machine.js:26:10n at Request.<anonymous> (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:38:9)n at Request.<anonymous> (/home/ec2-user/backend/node_modules/aws-sdk/lib/request.js:690:12)n at Request.callListeners (/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:116:18)n at callNextListener (/home/ec2-user/backend/node_modules/aws-sdk/lib/sequential_executor.js:96:12)n at IncomingMessage.onEnd (/home/ec2-user/backend/node_modules/aws-sdk/lib/event_listeners.js:313:13)n at IncomingMessage.emit (events.js:387:35)n at IncomingMessage.emit (domain.js:470:12)
过去几天我一直在努力解决这个问题,但找不到任何线索。如果你们中的任何一个人能为我指明正确的方向,那就太好了。
提前谢谢。
在s3控制台中应用以下策略>"权限"的Bucket策略编辑器。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "editor",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<IAM-user-ID>:user/testuser"
},
"Action": [
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:GetBucketLocation",
"s3:Get*",
"s3:Put*",
"s3:Delete*"
],
"Resource": [
"arn:aws:s3:::bucket/*",
"arn:aws:s3:::bucket"
]
},
{
"Sid": "editor2",
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*"
}
]
}