s3 no sign request didn't work

0

I use aws s3 --no-sign-request --region us-west-2 ls s3://aws-cloudtrail-logs-01-*******, An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied. but aws s3 ls working. why?

已提问 3 年前3111 查看次数
2 回答
1

AWS has the ability to generate a policy based on CloudTrail logs, which you obviously are using. See the following documentation on how to use that. https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-generation.html Hope this helps.

(Should have posted this as an answer. Sorry.)

已回答 3 年前
0

Do you have the bucket configured for public read access? The --no-sign-request is doing just that, not using credentials to sign the request. This means that the bucket and/or its objects need to be configured to allow public access. There are a number of ways to do this as described in this AWS Support post How can I grant public read access to some objects in my Amazon S3 bucket?.

I must add that AWS strongly discourages making buckets public except in some specific use-cases such as setting permissions for website access.

For your example you would need to

  1. Disable block public access settings for your bucket.
  2. Add a bucket policy like:
{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"PublicObjectRead",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject","s3:GetObjectVersion"],
      "Resource":["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"]
    },
   {
      "Sid":"PublicBucketList",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:ListBucket"],
      "Resource":["arn:aws:s3:::DOC-EXAMPLE-BUCKET"]
    }
   ]
}

Note that s3:ListBucket is the IAM permission needed to call the S3 API function ListObjectsV2

This will allow listing the contents of the bucket.

$ aws s3 ls s3://DOC-EXAMPLE-BUCKET

and reading all objects from the bucket:

$ aws s3 cp s3://DOC-EXAMPLE-BUCKET/someobject ./someobject
AWS
Scott_K
已回答 3 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则