Access Denied upload to s3

前端 未结 3 1784
渐次进展
渐次进展 2021-02-19 01:16

I tried uploading to s3 and when I see the logs from the s3 bucket logs this is what it says:

mybucket-me [17/Oct/2013:08:18:57 +0000] 120.28.112.39 
arn:aws:sts         


        
3条回答
  •  慢半拍i
    慢半拍i (楼主)
    2021-02-19 01:51

    You can attach the following policy to the bucket:

    {
        "Version": "2008-10-17",
        "Id": "Policy1358656005371",
        "Statement": [
            {
                "Sid": "Stmt1354655992561",
                "Effect": "Allow",
                "Principal": {
                    "AWS": [
                        "arn:aws:sts::778671367984:federated-user/dean@player.com"                  
                    ]
                },
                "Action": [
                    "s3:List*",
                    "s3:Get*"
                ],
                "Resource": [
                    "arn:aws:s3:::my.bucket",
                    "arn:aws:s3:::my.bucket/*"
                ]
            }
        ]
    }
    

    to grant the federated user dean@player.com read-only permissions to 'my.bucket'.

    This policy is not very maintainable because it names this user in particular. To give access to only certain federated users in a more scalable way, it would be better to do this when you call GetFederationToken. If you post your STS code I can help you assigning the policy there, but it is very similar to the above.

提交回复
热议问题