AWS S3 Bucket Permissions - Access Denied

独厮守ぢ 2020-12-30 19:12

I am trying to give myself permission to download existing files in an S3 bucket. I've modified the Bucket Policy, as follows:

        {
        "Sid": "
9 answers
  • 2020-12-30 19:49

    To clarify: It is really not documented well, but you need two access statements.

    In addition to your statement that allows actions on resource "arn:aws:s3:::bucketname/AWSLogs/123123123123/*", you also need a second statement that allows ListBucket on "arn:aws:s3:::bucketname", because internally the AWS client will try to list the bucket to determine that it exists before doing its action.

    With the second statement, it should look like:

    "Statement": [
        {
            "Sid": "someSID",
            "Action": "ActionThatYouMeantToAllow",
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::bucketname/AWSLogs/123123123123/*",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::123123123123:user/myuid"
                ]
            }
        },
        {
            "Sid": "someOtherSID",
            "Action": "s3:ListBucket",
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::bucketname",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::123123123123:user/myuid"
                ]
            }
        }
    ]
    

    Note: If you're using IAM, skip the "Principal" part.

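To make the two-statement requirement from the answer above concrete, here is an added example (not from the original post or from AWS) that models the small part of IAM policy evaluation involved: wildcard matching on Action and Resource, explicit Deny beating Allow, and the implicit default deny. Bucket name, account id and the object key are constructed from the answer's values; Principal matching and Conditions are deliberately not modelled.

```python
"""Simplified bucket-policy evaluation for the S3 "two statements" problem.
Constructed teaching model of a subset of IAM logic, not AWS code.
"""
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::bucketname"             # bucket ARN used in the answer
OBJECTS = f"{BUCKET}/AWSLogs/123123123123/*"   # object-level resource pattern


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # IAM wildcards: '*' matches any run of characters (including '/'),
    # '?' matches a single character; matching is case-sensitive.
    return fnmatchcase(value, pattern)


def is_allowed(policy, action, resource):
    """True if the policy grants `action` on `resource`.

    Mirrors IAM ordering: a matching Deny always wins, otherwise a matching
    Allow grants access, otherwise the request is implicitly denied.
    """
    decision = False
    for stmt in policy["Statement"]:
        action_hit = any(_matches(a, action) for a in _as_list(stmt["Action"]))
        resource_hit = any(_matches(r, resource) for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            decision = True
    return decision


def build_policy(with_list_bucket):
    """Object-level Allow statement, optionally plus the bucket-level s3:ListBucket one."""
    statements = [{"Sid": "objects", "Effect": "Allow",
                   "Action": "s3:GetObject", "Resource": OBJECTS}]
    if with_list_bucket:
        # s3:ListBucket is a bucket-level action: its Resource must be the bucket
        # ARN itself; the bucket/* object pattern never matches the bucket ARN.
        statements.append({"Sid": "listing", "Effect": "Allow",
                           "Action": "s3:ListBucket", "Resource": BUCKET})
    return {"Version": "2012-10-17", "Statement": statements}


def check_download(policy):
    """Report whether each call a download makes (ListBucket, then GetObject) is allowed."""
    key = f"{BUCKET}/AWSLogs/123123123123/2020/12/30/log.gz"  # constructed object key
    return {"list": is_allowed(policy, "s3:ListBucket", BUCKET),
            "get": is_allowed(policy, "s3:GetObject", key)}
```

With only the object statement, `check_download` reports the GetObject allowed but the ListBucket denied, which is the "Access Denied" the question describes; adding the second statement allows both.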
  • 2020-12-30 19:52

    Possible reason: if files have been put/copied by another AWS account user, then you cannot access the file, since the file owner is still not you. The AWS account user who has placed files in your directory has to grant access during a put or copy operation.

    For a put operation, the object owner can run this command:

    aws s3api put-object --bucket destination_awsexamplebucket --key dir-1/my_images.tar.bz2 --body my_images.tar.bz2 --acl bucket-owner-full-control
    

    For a copy operation of a single object, the object owner can run one of these commands:

    # copy-object requires --copy-source (bucket/key of the object being copied)
    aws s3api copy-object --copy-source source_awsexamplebucket/myobject --bucket destination_awsexamplebucket --key myobject --acl bucket-owner-full-control
    

    ref : AWS Link

  • 2020-12-30 19:53

    Step 1

    Click on your bucket name, and under the Permissions tab, make sure that "Block new public bucket policies" is unchecked.

    Step 2

    Then you can apply your bucket policy

    Hope that helps
