我具有以下S3结构:
存储桶名称:测试桶
文件:test.json
我有以下AWS策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:PutObject",
"Action": "s3:GetObject",
"Action": "s3:DeleteObject",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::test-bucket"
}
]
}
使用访问密钥123的用户附加了此策略。
当我尝试使用SDK放入测试桶中时,请这样:
BasicAWSCredentials awsCreds = new BasicAWSCredentials("123", "secretKeyId");
s3Client = AmazonS3ClientBuilder.standard()
.withCredentials(new AWSStaticCredentialsProvider(awsCreds))
.withRegion("US-EAST-1")
.build();
s3Client.putObject(new PutObjectRequest("test-bucket", "test.json", file));
这将给访问拒绝问题。
如果我将策略的资源更改为
"Resource": "*"
然后它将起作用。我只想确保我所提供的资源以正确的格式。怎么了?
您需要让亚马逊知道,在您的水桶旁边,您还需要访问存储桶的内容。
所以从:
更改资源"Resource": "arn:aws:s3:::test-bucket"
类似:
"Resource": [
"arn:aws:s3:::test-bucket",
"arn:aws:s3:::test-bucket/*"
]