我想创建一个IAM用户,其唯一的工作是部署到AWS S3静态网站。
我已将此策略提供给我的部署用户:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::www.<my-site-name>.com"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:PutBucketAcl",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::www.<my-site-name>.com/*"
}
]
}
这是我的遗愿政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::www.<my-site-name>.com/*"
}
]
}
这就是我在部署时遇到的问题(我使用Github Actions(:
upload failed: public/404.html to s3://www.<my-site-name>.com/404.html An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
在Github中,我将用户的访问密钥和机密传递给了我的Action。我很确定它是在使用该用户进行交易。当我提供S3FullAccess时,我的用户可以做得很好。但我想创建一个只需要AWS操作的用户。
在哪里可以查看此IAM用户操作的更好日志?
根据注释,解决方案是在DeployUser的备份策略中添加PutObject。