2 Antworten
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
2
Probably the IAM policy has problem. Would you modify as below?
before
PolicyDocument:
Statement:
- Effect: Allow
Action:
- s3:List
- s3:GetObject
- s3:GetObjectAcl
- s3:ListObjectsV2
- s3:PutObjectAcl
- s3:PutObject
- s3:ListObjects
Resource: "arn:aws:s3:::sc-xxxxxxxxxxxxxxx-pp-o7dyvm3xd-configurestorebucket-4vtqanfcbcl0"
after
PolicyDocument:
Statement:
- Effect: Allow
Action:
- s3:ListBucket
- s3:GetObject
- s3:GetObjectAcl
- s3:PutObjectAcl
- s3:PutObject
Resource:
- "arn:aws:s3:::sc-xxxxxxxxxxxxxxx-pp-o7dyvm3xd-configurestorebucket-4vtqanfcbcl0"
- "arn:aws:s3:::sc-xxxxxxxxxxxxxxx-pp-o7dyvm3xd-configurestorebucket-4vtqanfcbcl0/*"
It's complicated, but there is not ListObjects
in S3 actions and ListBucket
is the corresponding action.
Resources for GetObject
have to specify objects, not a bucket.
beantwortet vor einem Jahr
1
Your IAM policy allows access to the bucket but not to the objects in the bucket. You'll need to add an additional resource which is "arn:aws:s3:::sc-xxxxxxxxxxxxxxx-pp-o7dyvm3xd-configurestorebucket-4vtqanfcbcl0/*"
This blog post may also assist here.
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 3 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr