aws S3 sync 命令不适用于 S3 中的复制对象
aws S3 sync command is not working for replicated objects in S3
我已将 S3 中的对象从一个帐户复制到另一个帐户。将对象复制到另一个帐户后,我尝试使用复制帐户中的 aws S3 sync 命令将对象复制到 ubuntu 服务器。但是,它显示为拒绝访问。尝试对源存储桶使用 aws S3 sync 命令,它能够从源 S3 存储桶下载图像。
存储桶策略:
{
> "Version": "2012-10-17",
> "Statement": [
> {
> "Sid": "DelegateS3Access",
> "Effect": "Allow",
> "Principal": {
> "AWS": "arn:aws:iam::acnt"
> },
> "Action": [
> "s3:ListBucket",
> "s3:GetObject",
> "s3:ObjectOwnerOverrideToBucketOwner"
> ],
> "Resource": [
> "arn:aws:s3:::name/*",
> "arn:aws:s3:::name"
> ]
> }
> ]
}
将 Amazon S3 对象复制到不同 AWS 账户拥有的存储桶时,将对象的 'owner' 更改为新账户很重要。
来自Changing the replica owner - Amazon Simple Storage Service:
In replication, the owner of the source object also owns the replica by default. When source and destination buckets are owned by different AWS accounts, you can add optional configuration settings to change replica ownership to the AWS account that owns the destination bucket. You might do this, for example, to restrict access to object replicas. This is referred to as the owner override option of the replication configuration.
To configure the owner override, you do the following:
- Add the owner override option to the replication configuration to tell Amazon S3 to change replica ownership.
- Grant Amazon S3 permissions to change replica ownership.
- Add permission in the destination bucket policy to allow changing replica ownership. This allows the owner of the destination bucket to accept the ownership of object replicas.
我已将 S3 中的对象从一个帐户复制到另一个帐户。将对象复制到另一个帐户后,我尝试使用复制帐户中的 aws S3 sync 命令将对象复制到 ubuntu 服务器。但是,它显示为拒绝访问。尝试对源存储桶使用 aws S3 sync 命令,它能够从源 S3 存储桶下载图像。
存储桶策略:
{
> "Version": "2012-10-17",
> "Statement": [
> {
> "Sid": "DelegateS3Access",
> "Effect": "Allow",
> "Principal": {
> "AWS": "arn:aws:iam::acnt"
> },
> "Action": [
> "s3:ListBucket",
> "s3:GetObject",
> "s3:ObjectOwnerOverrideToBucketOwner"
> ],
> "Resource": [
> "arn:aws:s3:::name/*",
> "arn:aws:s3:::name"
> ]
> }
> ]
}
将 Amazon S3 对象复制到不同 AWS 账户拥有的存储桶时,将对象的 'owner' 更改为新账户很重要。
来自Changing the replica owner - Amazon Simple Storage Service:
In replication, the owner of the source object also owns the replica by default. When source and destination buckets are owned by different AWS accounts, you can add optional configuration settings to change replica ownership to the AWS account that owns the destination bucket. You might do this, for example, to restrict access to object replicas. This is referred to as the owner override option of the replication configuration.
To configure the owner override, you do the following:
- Add the owner override option to the replication configuration to tell Amazon S3 to change replica ownership.
- Grant Amazon S3 permissions to change replica ownership.
- Add permission in the destination bucket policy to allow changing replica ownership. This allows the owner of the destination bucket to accept the ownership of object replicas.