gpt4 book ai didi

amazon-s3 - Boto 无法使用 S3 IAM 角色进行身份验证

转载 作者:行者123 更新时间:2023-12-04 04:49:33 24 4
gpt4 key购买 nike

我有一个名为 Role1 的角色。该角色应用了以下策略。

我有一个 ec2 实例,它的 IAM 角色为 Role1。

当我尝试 conn.get_bucket('fooo_udata') 时,我返回了 403 错误。

关于这个的任何想法?

  {
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListAllMyBuckets"],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": ["s3:ListBucket","s3:GetBucketLocation","s3:*"],
"Resource": ["arn:aws:s3:::fooo_uadata/","arn:aws:s3:::fooo_uadata/*"]
},
{
"Effect": "Allow",
"Action": ["s3:PutObject","s3:GetObject","s3:DeleteObject"],
"Resource": ["arn:aws:s3:::fooo_uadata/","arn:aws:s3:::fooo_uadata/*"]
}
]
}

最佳答案

我认为您不想在存储桶策略中包含“/”字符。所以,尝试改变:

{
"Effect": "Allow",
"Action": ["s3:ListBucket","s3:GetBucketLocation","s3:*"],
"Resource": ["arn:aws:s3:::fooo_uadata/","arn:aws:s3:::fooo_uadata/*"]
},

对此:
{
"Effect": "Allow",
"Action": ["s3:ListBucket","s3:GetBucketLocation","s3:*"],
"Resource": ["arn:aws:s3:::fooo_uadata","arn:aws:s3:::fooo_uadata*"]
},

由于您的存储桶名称是 foo_uadata不是 foo_uadata/ .

关于amazon-s3 - Boto 无法使用 S3 IAM 角色进行身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17623273/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com