发表新帖
发表新帖

AWS S3 Bucket Permissions - Access Denied

后端 未结
关注
9 508
独厮守ぢ
独厮守ぢ 2020-12-30 19:12

I am trying to give myself permission to download existing files in an S3 bucket. I\'ve modified the Bucket Policy, as follows:

        {
        \"Sid\": \"
相关标签:
9条回答
  • 青春惊慌失措
    2020-12-30 19:35

    Giving public access to Bucket to add policy is NOT A RIGHT way. This exposes your bucket to public even for a short amount of time.

    You will face this error even if you are admin access (Root user will not face it) According to aws documentation you have to add "PutBucketPolicy" to you IAM user.

    So Simply add a S3 Policy to you IAM User as in below screenshot , mention your Bucket ARN for make it safer and you don't have to make you bucket public again.

    0 讨论(0)
  • 时光取名叫无心
    2020-12-30 19:38

    for show website static in s3:

    This is bucket policies:

    {
  "Version":"2012-10-17",
  "Statement":[{
  "Sid":"PublicReadGetObject",
    "Effect":"Allow",
  "Principal": "*",
  "Action":["s3:GetObject"],
  "Resource":["arn:aws:s3:::example-bucket/*"
  ]
  }
]
}
    0 讨论(0)
  • 孤城傲影
    2020-12-30 19:40

    Use below method for uploading any file for public readable form using TransferUtility in Android.

    transferUtility.upload(String bucketName, String key, File file, CannedAccessControlList cannedAcl)

    Example

    transferUtility.upload("MY_BUCKET_NAME", "FileName", your_file, CannedAccessControlList.PublicRead);
    0 讨论(0)
  • 清歌不尽
    2020-12-30 19:41

    Change resource arn:aws:s3:::bucketname/AWSLogs/123123123123/* to arn:aws:s3:::bucketname/* to have full rights to bucketname

    0 讨论(0)
  • 被撕碎了的回忆
    2020-12-30 19:42

    David, You are right but I found that, in addition to what bennie said below, you also have to grant view (or whatever access you want) to 'Authenticated Users'. enter image description here

    But a better solution might be to edit the user's policy to just grant access to the bucket:

    {
   "Statement": [
    {
      "Sid": "Stmt1350703615347",
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::mybucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": ["arn:aws:s3:::mybucket"],
      "Condition": {}
    }
  ]
}

    The first block grants all S3 permissions to all elements within the bucket. The second block grants list permission on the bucket itself.

    0 讨论(0)
  • 孤街浪徒
    2020-12-30 19:45

    Go to this link and generate a Policy. In the Principal field give *

    In the Actions set the Get Objects

    Give the ARN as arn:aws:s3:::<bucket_name>/*

    Then add statement and then generate policy, you will get a JSON file and then just copy that file and paste it in the Bucket Policy.

    For More Details go here.

    0 讨论(0)
 看不清?
提交回复
热议问题