2回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
Hello,
The policy you shared seems to be attached to an identity and not the S3 Bucket. To ensure that the entity can upload objects, explicit denies are not allowed. Make sure that the identity does not have any Permission Boundaries, SCP, and the Bucket Policy does not explicitly deny the action.
If you have added access points to the bucket and only restricted access to these, make sure that you try to access the bucket through these endpoints.
回答済み 1ヶ月前
0
It look to me as if you are only allowing the bucket to be listed, not it's sub-folders. Move would need to list in the sub-folders too. You should update your policy as:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::tmbile",
"arn:aws:s3:::tmbile/*"
],
"Condition": {
"StringLike": {
"s3:prefix": [
"public/*"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::tmbile/public/*"
}
]
}
I have not tested this - but I believe this should work...
`