2 Risposte
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
Hello,
The policy you shared seems to be attached to an identity and not the S3 Bucket. To ensure that the entity can upload objects, explicit denies are not allowed. Make sure that the identity does not have any Permission Boundaries, SCP, and the Bucket Policy does not explicitly deny the action.
If you have added access points to the bucket and only restricted access to these, make sure that you try to access the bucket through these endpoints.
con risposta un mese fa
0
It look to me as if you are only allowing the bucket to be listed, not it's sub-folders. Move would need to list in the sub-folders too. You should update your policy as:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::tmbile",
"arn:aws:s3:::tmbile/*"
],
"Condition": {
"StringLike": {
"s3:prefix": [
"public/*"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::tmbile/public/*"
}
]
}
I have not tested this - but I believe this should work...
`
Contenuto pertinente
- AWS UFFICIALEAggiornata 9 mesi fa
- AWS UFFICIALEAggiornata 9 mesi fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 7 mesi fa