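How to run ls on an S3 bucket with ACLs enabled
I have created an IAM role and attached it to an instance, and I want anyone who logs in to that instance to be able to upload, download and list files in an ACL-enabled S3 bucket. mv and cp work, but with aws s3 ls I get an error: A client error (AccessDenied) occurred when calling the ListBuckets operation: Access Denied. I am guessing there is something wrong with the way I am using the ls command (since we now have ACLs enabled). My IAM policy is below; can anyone shed some light on this? Thanks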
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "statement1",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::awsexamplebucket1/*"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}
Solution
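The ListBucket permission needs to be specified on the actual bucket itself, rather than on the items within it.
You need to create two separate Statements in your IAM policy: one that applies to the bucket itself (s3:ListBucket), and another that applies only to the items in the bucket ({{1 }}).
Structure your IAM policy like this:
See this page in the AWS documentation for examples.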
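As an added illustration (not part of the original answer, whose policy listing did not survive on this page), the Python sketch below checks the question's policy and a two-statement variant against a bucket-level and an object-level request. The `allowed` evaluator, the `FIXED` policy and the `listbucket` Sid are constructed for this example; the evaluator is a simplified model that handles only Allow statements and `StringEquals`, not the full IAM evaluation logic.

```python
import copy
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::awsexamplebucket1"

# The policy from the question: every action is scoped to object ARNs only.
ORIGINAL = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "statement1", "Effect": "Allow", "Action": "s3:*",
        "Resource": [BUCKET + "/*"],
        "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
    }],
}

# Constructed variant: the question's statement is kept as-is and a second
# statement grants s3:ListBucket on the bucket ARN itself (assumed Sid).
FIXED = copy.deepcopy(ORIGINAL)
FIXED["Statement"].insert(0, {
    "Sid": "listbucket", "Effect": "Allow",
    "Action": "s3:ListBucket", "Resource": [BUCKET],
})


def as_list(value):
    return value if isinstance(value, list) else [value]


def allowed(policy, action, resource, context=None):
    """Simplified model: Allow statements and StringEquals conditions only."""
    context = context or {}
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if not any(fnmatchcase(action.lower(), a.lower()) for a in as_list(st["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in as_list(st["Resource"])):
            continue
        conds = st.get("Condition", {}).get("StringEquals", {})
        # StringEquals does not match when the key is absent from the request.
        if all(context.get(k) in as_list(v) for k, v in conds.items()):
            return True
    return False


if __name__ == "__main__":
    for name, policy in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, "ListBucket on bucket:", allowed(policy, "s3:ListBucket", BUCKET))
```

In this model the original policy never matches a bucket-level request, both because the resource pattern ends in `/*` and because a list request carries no `s3:x-amz-acl` value for the condition to match.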