问题
I'm trying these policy through console.aws.amazon.com on my buckets:
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::itnighq",
"Condition": {}
},
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectAclVersion"
],
"Resource": "arn:aws:s3:::itnighq/*",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
}
]
}
But I'm getting this error message: Policy has invalid action - s3:ListAllMyBuckets It doesn't seem to like "Resource": "*" , I've also tried to use **arn:aws:s3:::****, but it doesn't work either.
Anyone has any clue?
回答1:
As zdev mentioned, you need to do this for the IAM. Go to the IAM console and navigate to Users > Permissions > Inline policies > Create > Custom, and enter this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
回答2:
I figured out myself. It needs to be done in the IAM, not in S3 itself...
回答3:
@dnlbrky You need to do this by setting the policy on for the IAM user/group/role and set it by either using the AWS console for the IAM user/group or by calling put_[role/user/group]_policy boto API call.
来源:https://stackoverflow.com/questions/13643058/s3-policy-has-invalid-action-s3listallmybuckets