我正尝试使用以下存储桶策略将给定存储区的RW访问权授予特定用户:
{ "Id": "Policy1322043790167", "Statement": [ { "Sid": "Stmt9999043784080", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:GetObject", "s3:GetObjectVersion", "s3:PutObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::private_bucket/*", "Principal": { "AWS": [ "arn:aws:iam::999903749999:user/my.username.under.my.aws.account" ] } } ] } 据我可以注意到这是相当于在http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?AccessPolicyLanguage_UseCases_s3_a.html的例子,我已经遵循什么是logging在http:// docs .amazonwebservices.com / IAM /最新/ GettingStartedGuide / index.html的?SetUpAdminsGroup.html
不工作。 将用户AWS Key和Secret Key与.NET SDK或CloudBerry Explorer一起使用会出现“拒绝访问”错误。
我错过了什么?
以下日志是由Cloudberry尝试的操作日志的一部分:
System.Net.WebException O servidor remoto retornou um erro:(403)Proibido。 em System.Net.HttpWebRequest.GetResponse()em db.A(dD,Action`1,HttpWebRequest,dW)
2011-11-23 08:36:10,505 [S3] [4] INFO – InternalListBucketCall start,bucket:secured_bucket,prefix:,marker:,maxkeys:1,delimiter:/ 2011-11-23 08:36:11,388 [S3 ] [4] ERROR – Http响应头:x-amz-request-id:70941BB8654CE12E 2011-11-23 08 [ :36:11,392 [S3] [4] ERROR – Http响应头文件:x-amz-id-2:错误 – Http响应头文件:Transfer -Encoding:chunked 2011-11-23 08:36:11,396 [S3] [4] ERROR – Http响应头:Content-Type:application / xml 2011-11-23 08:36:11,398 [S3] [4] ERROR – Http响应头:date:2011年11月23日星期三10:36:31 GMT 2011-11-23 08:36:11,400 [S3] [4] ERROR – Http响应头:服务器:AmazonS3 2011-11-23 08: 36:11,402 [S3] [4] ERROR –
AccessDeniedAccess Denied70941BB8654CE12EJssG1wXtZSjiGO8oVb9B46NNkn24TpZToD4u / KZAFaPBFBECF7YDMPnckVpyhaDE 2011-11-23 08:36:11,404 [S3] [4] ER ROR – 内存列表桶失败:secured_bucket,前缀:,标记:,maxkeys:1,分隔符:/ CloudBerryLab.Base.Exceptions.Status403Exception访问被拒绝2011-11-23 08:36:11,407 [UI] [4]错误 – 操作完成,出错。 点击详情了解更多信息。 (string,string,FH)em kT.B ,布尔)em HW.A(String)em CloudBerryLab.Explorer.Console.Controls.PluginArea.A(Object,DoWorkEventArgs)
2011-11-23 08:36:18,776 [Base] [11] INFO – PROCESSOR_ARCHITECTURE = x86
我不是S3专家,但你有没有试过给ListAllMyBuckets特权? 我尝试从ec2实例使用s3cmd访问s3时遇到了这个问题,即使我授予了所有特权:*我必须明确地给予ListAllMyBuckets特权:
"Sid": "Stmt1397683550000", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": [ "arn:aws:s3:::mybucketname" ]