2 個答案
- 最新
- 最多得票
- 最多評論
0
Hello,
The policy you shared seems to be attached to an identity and not the S3 Bucket. To ensure that the entity can upload objects, explicit denies are not allowed. Make sure that the identity does not have any Permission Boundaries, SCP, and the Bucket Policy does not explicitly deny the action.
If you have added access points to the bucket and only restricted access to these, make sure that you try to access the bucket through these endpoints.
已回答 1 個月前
0
It look to me as if you are only allowing the bucket to be listed, not it's sub-folders. Move would need to list in the sub-folders too. You should update your policy as:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::tmbile",
"arn:aws:s3:::tmbile/*"
],
"Condition": {
"StringLike": {
"s3:prefix": [
"public/*"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::tmbile/public/*"
}
]
}
I have not tested this - but I believe this should work...
`
相關內容
- AWS 官方已更新 3 年前
- AWS 官方已更新 2 年前