我试图将某些文件从EC2(Linux)复制到S3桶。我将此策略附加到我的S3
{
"Version": "2012-10-17",
"Id": "Policy1487803543981",
"Statement": [
{
"Sid": "Stmt1487803541931",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::###234222###:user/Bilkishjain"
},
"Action": [
"s3:Get*",
"s3:*Multi*",
"s3:Put*"
],
"Resource": "arn:aws:s3:::<bucketname>/<filename>"
}
]
}
我进行了AWS配置,并提供了访问键和访问ID。但是当我尝试使用此命令时:
aws s3 mv /home/ec2-user/temp/backup/*.tar.gz s3://s3-bucketname/testfolder/
它给出了此错误:
sudo aws s3 mv /home/ec2-user/temp/backup/debugLogBackup_$(date +%F).tar.gz s3://s3-bucketname/testfolder/debugLogBackup_$(date +%F).tar.gz
move failed: backup/debugLogBackup_2017-02-22.tar.gz to s3://s3-bucketname/testfolder/debugLogBackup_2017-02-22.tar.gz
An error occurred (AccessDenied) when calling the CreateMultipartUpload operation: Access Denied
参数验证失败:
参数上传的无效类型,值:无,类型:,有效类型:
任何人可以帮助我解决这个错误吗?
首先,如果您将多个文件(带有特定的扩展程序)从本地目录移动到S3存储桶,则您的命令应该是这样的(使用排除和包含过滤器):
aws s3 mv /home/ec2-user/temp/backup/ s3://s3-bucketname/testfolder/ --recursive --exclude "*" --include "*.tar.gz"
您的策略的"Resource"元素也有问题。因为您要上传多个文件,所以它应该采用以下格式(即使用通配符): "Resource": "arn:aws:s3:::s3-bucketname/testfolder/*"。
NOTE :尽管您可以在操作字符串中使用一个或多个通配符(*)(请参阅策略中的指定资源),但我强烈建议您反对。如果可能的话,最好使用明确的权限。
您可以尝试以下策略:
{
"Version": "2012-10-17",
"Id": "Policy1487803543981",
"Statement": [
{
"Sid": "Stmt1487803541931",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::###234222###:user/Bilkishjain"
},
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::s3-bucketname/testfolder/*"
}
]
}