1 回答
- 最新
- 投票最多
- 评论最多
0
Hello,
Can you try the below
- Assign a S3 bucket policy as below example policy that allows the ec2 instance to write.
- If you already have a role assigned to ec2 then you can use the same in the policy, else create new assume role for ec2 and assign that role to ec2 and use that role arn in below policy.
- the second statement in the policy is basically a best practice to allow only https (not related to the error you are facing)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789:role/role_that_is_assigned_to_ec2"
},
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::bucket-name",
"arn:aws:s3:::bucket-name/*"
]
},
{
"Sid": "RestrictToTLSRequestsOnly",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bucket-name",
"arn:aws:s3:::bucket-name/*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}
已回答 1 年前
相关内容
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 3 年前
Have you associated an IAM role to the ec2 instance allowing PutObject permission on the bucket?