1 Respuesta
- Más nuevo
- Más votos
- Más comentarios
0
Hello,
Can you try the below
- Assign a S3 bucket policy as below example policy that allows the ec2 instance to write.
- If you already have a role assigned to ec2 then you can use the same in the policy, else create new assume role for ec2 and assign that role to ec2 and use that role arn in below policy.
- the second statement in the policy is basically a best practice to allow only https (not related to the error you are facing)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789:role/role_that_is_assigned_to_ec2"
},
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::bucket-name",
"arn:aws:s3:::bucket-name/*"
]
},
{
"Sid": "RestrictToTLSRequestsOnly",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bucket-name",
"arn:aws:s3:::bucket-name/*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}
respondido hace un año
Contenido relevante
- OFICIAL DE AWSActualizada hace 3 años
- OFICIAL DE AWSActualizada hace 8 meses
Have you associated an IAM role to the ec2 instance allowing PutObject permission on the bucket?