添加S3 Bucket Policy导致S3复制失败。
0
【以下的问题经过翻译处理】 大家好, 有人能帮我处理以下的情况吗? 我想让我的桶仅能从特定的IP地址访问,否则就拒绝访问。我设置了S3桶策略如下:
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::DOC-EXAMPLE-BUCKET",
"arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
],
"Condition": {
"NotIpAddress": {
"aws:SourceIp": "x.x.x.x"
},
"Bool":{
"aws:ViaAWSService":"false"
}
}
}
]
}
对于S3复制,我按照AWS文档设置了S3复制规则,通过设置策略并将其附加到IAM角色,如下所示:
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Principal":{
"Service":"s3.amazonaws.com"
},
"Action":"sts:AssumeRole"
}
]
}
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Resource":[
"arn:aws:s3:::SourceBucket"
]
},
{
"Effect":"Allow",
"Action":[
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Resource":[
"arn:aws:s3:::SourceBucket/*"
]
},
{
"Effect":"Allow",
"Action":[
"s3:ReplicateObject",
"s3:ReplicateDelete",
...
1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
0
【以下的回答经过翻译处理】 你是否尝试在桶策略中明确允许用于复制的角色?像这样:
“Condition”:{
“NotIpAddress”:{
“aws:SourceIp”:“x.x.x.x”
},
“Bool”:{
“aws:ViaAWSService”:“false”
},
“ArnNotEquals”:{
“aws:PrincipalArn”:“arn:aws:iam :: <account id>:role / service-role / <role name>”
}
}
Relevanter Inhalt
AWS OFFICIALAktualisiert vor 2 Jahren- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 9 Monaten