I created the following bucket policy on the source bucket:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "kvmweivdgd",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::xxxxxxxxxxxx:role/cfn-batch-copy-role"
                },
                "Action": [
                    "s3:GetObject",
                    "s3:GetObjectVersion",
                    "s3:GetObjectAcl",
                    "s3:GetObjectTagging",
                    "s3:GetObjectVersionAcl",
                    "s3:GetObjectVersionTagging"
                ],
                "Resource": "arn:aws:s3:::sourcebucket/*"
            }
        ]
    }

The following policy is attached to the IAM role in the destination account:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "E28BGI8FL0HF59",
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:PutObjectVersionAcl",
                    "s3:PutObjectAcl",
                    "s3:PutObjectVersionTagging",
                    "s3:PutObjectTagging",
                    "s3:GetObject",
                    "s3:GetObjectVersion",
                    "s3:GetObjectAcl",
                    "s3:GetObjectTagging",
                    "s3:GetObjectVersionAcl",
                    "s3:GetObjectVersionTagging",
                    "s3:GetBucketLocation"
                ],
                "Resource": [
                    "arn:aws:s3:::destinationbucket/*",
                    "arn:aws:s3:::sourcebucket/*",
                    "arn:aws:s3:::manifestbucket/*",
                    "arn:aws:s3:::jobreportbucket/*"
                ]
            }
        ]
    }

But AWS S3 Batch Operations throws Access Denied. Do you have any idea what might be going wrong here?

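Posted on 2020-01-30 21:29:03

You need to attach the following trust policy to the IAM role to allow the Amazon S3 Batch Operations service principal to assume the role.
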
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": "batchoperations.s3.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }

https://stackoverflow.com/questions/59986773
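
The check the answer describes, as an added example that is not part of the original post: it inspects a role's trust policy document (for instance the `AssumeRolePolicyDocument` returned by `aws iam get-role`) and reports whether the S3 Batch Operations service principal is allowed to assume the role. The function and constant names are assumptions made for this example, and `OTHER_SERVICE_TRUST` is a constructed sample.

```python
import json
from fnmatch import fnmatchcase

BATCH_OPS_PRINCIPAL = "batchoperations.s3.amazonaws.com"

def _as_list(value):
    """IAM JSON accepts a single value wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusts_batch_operations(trust_policy):
    """Return True if an Allow statement lets the S3 Batch Operations service
    principal call sts:AssumeRole. Condition and Deny are not evaluated."""
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            continue  # a bare "*" is not counted as an explicit service trust
        services = [s.lower() for s in _as_list(principal.get("Service"))]
        # Action names are case-insensitive and may use wildcards (sts:*).
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if BATCH_OPS_PRINCIPAL in services and any(
            fnmatchcase("sts:assumerole", pattern) for pattern in actions
        ):
            return True
    return False

# Trust policy from the answer above.
ANSWER_TRUST = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"Service": "batchoperations.s3.amazonaws.com"},
                "Action": "sts:AssumeRole"}]}
""")

# Constructed sample: a role that only trusts a different service.
OTHER_SERVICE_TRUST = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole"}]}
""")

if __name__ == "__main__":
    for name, doc in [("answer", ANSWER_TRUST), ("other", OTHER_SERVICE_TRUST)]:
        print(name, "trusts S3 Batch Operations:", trusts_batch_operations(doc))
```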