如何启用读写 amazon s3 bucket 权限
How to enable read write amazon s3 bucket permission
我想将我用 heroku 制作的 ghost blog 连接到我在 aws 中的 s3 存储桶,以便能够在帖子中上传图片。
我将我的用户 ARN:arn:aws:iam::916616152568:user/myuser 附加到具有 "AmazonS3FullAccess" 的组。
我做错了什么?
Public 此存储桶的访问设置:
Manage public access control lists (ACLs)
Block new public ACLs and uploading public objects (Recommended)
True
Remove public access granted through public ACLs (Recommended)
True
Manage public bucket policies
Block new public bucket policies (Recommended)
False
Block public and cross-account access if bucket has public policies
(Recommended)
False
我的存储桶策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListObjectsInBucket",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::916616152568:user/*myuser*"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::*myS3bucket*"
},
{
"Sid": "AllObjectActions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::916616152568:user/*myuser*"
},
"Action": "s3:*Object",
"Resource": "arn:aws:s3:::*myS3bucket*/*"
}
]
}
我已经将 S3_ACCESS_BUCKET_NAME
、S3_ACCESS_BUCKET_REGION
、S3_ACCESS_KEY_ID
和 S3_ACCESS_SECRET_KEY
上传到我的 heroku 环境变量
我在从我的虚拟服务器上传文件时遇到此错误。 Failed to load resource: the server responded with a status of 403 (Forbidden)
但是如果我从 aws 控制台登录并上传就没问题了。
您需要创建 IAM 策略以允许您的 IAM 用户访问存储桶。从 IAM 创建类似于 this 的策略。然后去找您的用户并向他附加相同的策略。
我实际上通过将所有 "Public access settings for the bucket" 更改为 false 来修复它。
我想将我用 heroku 制作的 ghost blog 连接到我在 aws 中的 s3 存储桶,以便能够在帖子中上传图片。
我将我的用户 ARN:arn:aws:iam::916616152568:user/myuser 附加到具有 "AmazonS3FullAccess" 的组。
我做错了什么?
Public 此存储桶的访问设置:
Manage public access control lists (ACLs)
Block new public ACLs and uploading public objects (Recommended)
True
Remove public access granted through public ACLs (Recommended)
True
Manage public bucket policies
Block new public bucket policies (Recommended)
False
Block public and cross-account access if bucket has public policies
(Recommended)
False
我的存储桶策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListObjectsInBucket",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::916616152568:user/*myuser*"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::*myS3bucket*"
},
{
"Sid": "AllObjectActions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::916616152568:user/*myuser*"
},
"Action": "s3:*Object",
"Resource": "arn:aws:s3:::*myS3bucket*/*"
}
]
}
我已经将 S3_ACCESS_BUCKET_NAME
、S3_ACCESS_BUCKET_REGION
、S3_ACCESS_KEY_ID
和 S3_ACCESS_SECRET_KEY
上传到我的 heroku 环境变量
我在从我的虚拟服务器上传文件时遇到此错误。 Failed to load resource: the server responded with a status of 403 (Forbidden)
但是如果我从 aws 控制台登录并上传就没问题了。
您需要创建 IAM 策略以允许您的 IAM 用户访问存储桶。从 IAM 创建类似于 this 的策略。然后去找您的用户并向他附加相同的策略。
我实际上通过将所有 "Public access settings for the bucket" 更改为 false 来修复它。