By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

S3预签名URL访问被拒绝。

0

【以下的问题经过翻译处理】 Hi Team,

我有一个应用程序IAM用户,拥有S3FullAccess权限。

我使用这个用户的访问密钥AK和秘密访问密钥SK,创建了一个s3 resigned URL用于getObject动作,当我在浏览器上复制生成的预签名URL时,我会收到一个错误消息:

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId> HFDGssffscSDQ4DEF </RequestId>
<HostId> OXsT4/6tYWsdssyo0dxtFa7sdsdsThdFqsdsd4L+9CmiKP2tFyGsdsL8Pr0E0rkDgzHsddsMjdsdsdwc=</HostId>
</Error>

我不确定为什么用户拥有正确的权限,也被拒绝访问?

默认加密(已启用)= AWS密钥管理服务密钥(SSE-KMS)

该如何处理?谢谢

Topics
Management & GovernanceSecurity, Identity, & ComplianceStorage
Tags
AWS Account ManagementIAM Policiespresigned URLS3 Object Lock
Language
中文 (简体)
profile picture
EXPERT
rePost Polyglot
asked 5 months ago62 views
1 Answer
0

【以下的回答经过翻译处理】 我通过向应用用户添加KMS密钥权限解决问题,这些密钥是用于加密S3桶里面的文件:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
            ],
            "Resource": "arn:aws:kms:ca-region:12457989948784:key/abcde1111-7b212154-xdxsddxzsdf545sz",
            "Effect": "Allow"
        }
    ]
}
profile picture
EXPERT
rePost Polyglot
answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content