AWS S3 政策混淆
AWS S3 policies confusions
我想将阅读(下载)权限授予单个用户。
我对应该使用什么感到困惑:
我应该使用
- S3 界面中的 Bucket Policy Editor
- 用户的内联策略并指定读取权限(来自 IAM 界面)
- 激活"Any Authenticated AWS User"有权读取(从s3接口)然后使用内联权限以获得更细粒度?
我使用了内联策略,但它不起作用:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowUserToReadObject",
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetObjectTorrent"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::staging/*",
"arn:aws:s3:::prod/*"
]
}
]
}
当我使用 Boto 时:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from boto.s3.connection import S3Connection
from boto.s3.key import Key
import sys, os
AWS_KEY = ''
AWS_SECRET = ''
from boto.s3.connection import S3Connection
conn = S3Connection(AWS_KEY, AWS_SECRET)
bucket = conn.get_bucket('staging')
for key in bucket.list():
print key.name.encode('utf-8')
我收到以下错误:
Traceback (most recent call last):
File "listing_bucket_files.py", line 20, in <module>
bucket = conn.get_bucket('staging')
File "/usr/local/lib/python2.7/dist-packages/boto/s3/connection.py", line 503, in get_bucket
return self.head_bucket(bucket_name, headers=headers)
File "/usr/local/lib/python2.7/dist-packages/boto/s3/connection.py", line 536, in head_bucket
raise err
boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
您没有分配 "s3:ListBucket" 权限,该帐户在访问 staging 和 prod 的存储桶时被停止,然后无权访问 [=19] =] 在这些桶中。
记住你必须像下面这样分隔代码,并且不要在存储桶名称后添加 /*。
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::staging",
"arn:aws:s3:::prod",
]
},
我想将阅读(下载)权限授予单个用户。 我对应该使用什么感到困惑:
我应该使用
- S3 界面中的 Bucket Policy Editor
- 用户的内联策略并指定读取权限(来自 IAM 界面)
- 激活"Any Authenticated AWS User"有权读取(从s3接口)然后使用内联权限以获得更细粒度?
我使用了内联策略,但它不起作用:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowUserToReadObject",
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetObjectTorrent"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::staging/*",
"arn:aws:s3:::prod/*"
]
}
]
}
当我使用 Boto 时:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from boto.s3.connection import S3Connection
from boto.s3.key import Key
import sys, os
AWS_KEY = ''
AWS_SECRET = ''
from boto.s3.connection import S3Connection
conn = S3Connection(AWS_KEY, AWS_SECRET)
bucket = conn.get_bucket('staging')
for key in bucket.list():
print key.name.encode('utf-8')
我收到以下错误:
Traceback (most recent call last):
File "listing_bucket_files.py", line 20, in <module>
bucket = conn.get_bucket('staging')
File "/usr/local/lib/python2.7/dist-packages/boto/s3/connection.py", line 503, in get_bucket
return self.head_bucket(bucket_name, headers=headers)
File "/usr/local/lib/python2.7/dist-packages/boto/s3/connection.py", line 536, in head_bucket
raise err
boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
您没有分配 "s3:ListBucket" 权限,该帐户在访问 staging 和 prod 的存储桶时被停止,然后无权访问 [=19] =] 在这些桶中。
记住你必须像下面这样分隔代码,并且不要在存储桶名称后添加 /*。
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::staging",
"arn:aws:s3:::prod",
]
},