我在wordpress:Error retrieving a list of your S3 buckets from AWS:Access Denied
中得到了这个错误。我有IAM用户的写入策略。我不知道我哪里做错了。请帮帮我。
我的IAM政策在这里:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmtxxxxxxxxxxx",
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::bucketname/*"
]
}
]
}
首先,为了列出所有bucket,您需要创建一个语句,允许IAM在整个s3帐户中执行"s3:ListAllMyBuckets"
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
}
此外,你似乎在bucket列表方面遇到了麻烦,因为你试图允许的操作:
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
必须应用于整个存储桶:
"Resource": "arn:aws:s3:::bucketname",
当您试图允许对bucket的内容执行此操作时:
"Resource": "arn:aws:s3:::bucketname/*",
无论如何,请尝试以下策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmtxxxxxxxxxxx",
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::bucketname",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
}
]
}
我在我的网站上测试了它,它有效。
如果您还有其他问题,请随时提问。
谢谢,Vlad