Save session output of the SSM Session Manager to an S3 bucket in another AWS Account

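Is it possible to save the session output of the SSM Session Manager to an S3 bucket in another AWS account? I can't get it to work; my bucket policy looks like this: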

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SSMBucketPermissionsCheck",
            "Effect": "Allow",
            "Principal": {
                "Service": "ssm.amazonaws.com"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::<bucket-name>"
        },
        {
            "Sid": "SSMBucketDelivery",
            "Effect": "Allow",
            "Principal": {
                "Service": "ssm.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::<bucket-name>/<account-id>/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}

OK, I found the problem. Apparently I had to add the following policy to my instance role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:PutObjectAcl",
            "Resource": "arn:aws:s3:::<bucket>/<path>"
        }
    ]
}
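
An offline check of the instance-role side of the fix above, added here as an example and not part of the original post: it reports which of s3:PutObject and s3:PutObjectAcl an identity policy fails to grant on the log object's ARN. The bucket name, account ID and both sample policies are constructed; the bucket policy is not evaluated, and conditions are treated conservatively rather than evaluated.

```python
import re

# Per this page: the bucket policy expects s3:PutObject with the
# bucket-owner-full-control ACL, and the fix was granting s3:PutObjectAcl.
REQUIRED_ACTIONS = ("s3:PutObject", "s3:PutObjectAcl")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(patterns, value, flags=0):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    for pattern in _as_list(patterns):
        regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                        for c in pattern)
        if re.fullmatch(regex, value, flags | re.S):
            return True
    return False

def is_allowed(policy, action, resource):
    """Evaluate one identity policy; an explicit Deny beats any Allow."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        if "NotAction" in st or "NotResource" in st:
            raise ValueError("NotAction/NotResource are not modelled here")
        # Action names are case-insensitive, resource ARNs are case-sensitive.
        if not (_glob(st["Action"], action, re.I) and _glob(st["Resource"], resource)):
            continue
        if st["Effect"] == "Deny":
            return False  # conservative: a conditional Deny counts as a Deny
        if "Condition" not in st:
            allowed = True  # conservative: a conditional Allow is not counted
    return allowed

def missing_actions(policy, bucket, key):
    """Required actions the policy does not grant on s3://bucket/key."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    return [a for a in REQUIRED_ACTIONS if not is_allowed(policy, a, arn)]

# Constructed sample policies and names (not from the page).
BEFORE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-log-bucket/*"}]}
AFTER = {"Version": "2012-10-17", "Statement": BEFORE["Statement"] + [
    {"Effect": "Allow", "Action": "s3:PutObjectAcl",
     "Resource": "arn:aws:s3:::example-log-bucket/111122223333/*"}]}

if __name__ == "__main__":
    for name, pol in (("before", BEFORE), ("after", AFTER)):
        print(name, missing_actions(pol, "example-log-bucket", "111122223333/session.log"))
```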