我创建了IAM策略并分配给IAM用户。
请找到策略
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::testingbucket00"
},
{
"Sid": "VisualEditor3",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::testingbucket00/*"
}
]
}
i未检查的"块新的公共存储桶策略"
我尝试使用IAM用户列出所有存储库登录AWS控制台,但显示"访问为错误"。
我想为IAM用户分配一个存储桶,请为此提供帮助。
即使此IAM用户将"错误"视为S3控制台上的访问值,他也将策略文档中的访问权限为" TestingBucket00"。
但是,如果需要查看正确的访问值,则此IAM用户需要允许读取存储桶权限。将下面的权限添加到第一个(VisualEditor1)语句的动作中。
"s3:GetBucketPublicAccessBlock",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:GetBucketPolicyStatus"