- 最新
- 投票最多
- 评论最多
Hello.
What kind of error do you get when you try to upload specifically?
If your S3 is encrypted with a KMS key, you may find the troubleshooting methods in the documentation below useful.
In the case of an S3 bucket encrypted with KMS, you will need "kms:GenerateDataKey" and "kms:Decrypt" in the IAM policy of the IAM user.
https://repost.aws/knowledge-center/s3-access-denied-error-kms
upload failed: D:\test.txt to s3://backup/test2.txt An error occurred (AccessDenied) when calling the PutObject operation: User: arn:aws:iam:: is not authorized to perform: kms:GenerateDataKey on resource: arn:aws:kms:ap-south-1::key/ because no identity-based policy allows the kms:GenerateDataKey action
Thank you for sharing the error message. As stated in the error message, the "kms:GenerateDataKey" action is not allowed for IAM users, so please try attaching the following IAM policy to the IAM user.
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "kms:Decrypt", "kms:GenerateDataKey", "s3:PutObject" ], "Resource": "*", "Effect": "Allow", "Sid": "SamplePolicy" } ] }
From the error you provided, your IAM user doesn't have rights to the kms:GenerateDataKey
You'll need to add rights to your IAM user to use KMS api and check key policy also, that you have rights to use that exact key.
相关内容
AWS 官方已更新 1 年前
could you Verify that you are providing the correct encryption parameters when uploading the file to the encrypted S3 bucket. If server-side encryption is enabled on the bucket, you may need to specify the appropriate encryption option (--sse, --sse-c, --sse-kms, etc.) when uploading the file.
Could you provide more details for a more structured answer, which encryption are you using? SSE-S3? SSE-KMS? Which CLI command are you giving? What's the error you got? Are you specifying the encryption key in the put-object request? Does your user/role have access to KMS?
i am using this command. aws s3 cp test.txt s3://backup/