2 Respuestas
- Más nuevo
- Más votos
- Más comentarios
0
Hello,
The policy you shared seems to be attached to an identity and not the S3 Bucket. To ensure that the entity can upload objects, explicit denies are not allowed. Make sure that the identity does not have any Permission Boundaries, SCP, and the Bucket Policy does not explicitly deny the action.
If you have added access points to the bucket and only restricted access to these, make sure that you try to access the bucket through these endpoints.
respondido hace un mes
0
It look to me as if you are only allowing the bucket to be listed, not it's sub-folders. Move would need to list in the sub-folders too. You should update your policy as:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::tmbile",
"arn:aws:s3:::tmbile/*"
],
"Condition": {
"StringLike": {
"s3:prefix": [
"public/*"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::tmbile/public/*"
}
]
}
I have not tested this - but I believe this should work...
`
Contenido relevante
- OFICIAL DE AWSActualizada hace 7 meses
- OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace 9 meses
- OFICIAL DE AWSActualizada hace un año