2개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hello,
The policy you shared seems to be attached to an identity and not the S3 Bucket. To ensure that the entity can upload objects, explicit denies are not allowed. Make sure that the identity does not have any Permission Boundaries, SCP, and the Bucket Policy does not explicitly deny the action.
If you have added access points to the bucket and only restricted access to these, make sure that you try to access the bucket through these endpoints.
답변함 한 달 전
0
It look to me as if you are only allowing the bucket to be listed, not it's sub-folders. Move would need to list in the sub-folders too. You should update your policy as:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::tmbile",
"arn:aws:s3:::tmbile/*"
],
"Condition": {
"StringLike": {
"s3:prefix": [
"public/*"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::tmbile/public/*"
}
]
}
I have not tested this - but I believe this should work...
`
관련 콘텐츠
- 질문됨 8달 전
- AWS 공식업데이트됨 2년 전