Hello. Have you set the bucket policy? You need to specify the principal and effect of that, i.e. s3:GetObject, and the resources, e.g. yourbucket/*, meaning you can see and get the object. That's what I think is missing. Here is an example of a bucket policy made using the policy generator: from your S3 bucket console, go to the Permissions tab -> Edit policy and then click on the policy generator. Make sure you copy the ARN as well, which you will paste into the generator.
```json
{
  "Id": "Policy1692788816796",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1692788810811",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::animals/*",
      "Principal": "*"
    }
  ]
}
```
There are a few things that you need to make sure of, as listed below:
- Your IAM role/user has access to that S3 bucket and its objects through identity-based policies.
- There should not be an explicit deny in the bucket policy. If there is any explicit deny at the bucket level, then you'll also not be able to access the bucket object.
- If the S3 bucket is SSE-KMS CMK encrypted, make sure your IAM user/role has access to that KMS key.
- There is no explicit deny in the KMS key policy.
Once you make sure of all the above points, you should be good.
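The four checks in the list above, run offline against constructed policy documents, as an added example that is not part of the original answers. It is a simplified model, not AWS's full evaluation logic: it matches only `Action` and `Resource` with wildcards and ignores `Principal`, `Condition`, `NotAction` and cross-account rules; the function names, the object key and the KMS key ARN are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # Action names are case-insensitive; resource ARNs are case-sensitive.
    action_hit = any(fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(stmt.get("Action", [])))
    resource_hit = any(fnmatchcase(resource, r)
                       for r in _as_list(stmt.get("Resource", [])))
    return action_hit and resource_hit

def effect(policy, action, resource):
    """'Deny', 'Allow' or None for one policy; an explicit Deny always wins."""
    hits = {s["Effect"] for s in policy.get("Statement", [])
            if _matches(s, action, resource)}
    return "Deny" if "Deny" in hits else "Allow" if "Allow" in hits else None

def diagnose(identity, bucket, key_policy, object_arn, kms_key_arn=None):
    """Run the four checks from the answer; return the list of failed ones."""
    failed = []
    if effect(identity, "s3:GetObject", object_arn) != "Allow":
        failed.append("identity policy: no allow for s3:GetObject")
    if effect(bucket, "s3:GetObject", object_arn) == "Deny":
        failed.append("bucket policy: explicit deny")
    if kms_key_arn:  # only relevant for SSE-KMS encrypted objects
        if effect(identity, "kms:Decrypt", kms_key_arn) != "Allow":
            failed.append("identity policy: no allow for kms:Decrypt")
        if effect(key_policy, "kms:Decrypt", kms_key_arn) == "Deny":
            failed.append("key policy: explicit deny")
    return failed

# Constructed sample documents (bucket name "animals" as in the policy above).
OBJECT = "arn:aws:s3:::animals/cat.jpg"
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder
IDENTITY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::animals/*"},
    {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY}]}
BUCKET = {"Statement": [
    {"Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::animals/*"}]}
KEY_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "kms:*", "Resource": "*"}]}

if __name__ == "__main__":
    for line in diagnose(IDENTITY, BUCKET, KEY_POLICY, OBJECT, KEY):
        print("FAIL:", line)
```

For a live principal, the IAM policy simulator gives the authoritative answer; this sketch only shows why an explicit deny or a bucket-only `Resource` ARN blocks `s3:GetObject`.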