Question

我正在尝试通过php sdk将文件上传到AWS s3存储桶，为此，我创建了一个IAM用户并添加了内联策略

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::bucket/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::bucket/*"
        }
    ]
}

这是我的PHP代码

$s3 = new S3Client([
    'version' => 'latest',
    'region'  => 'ap-south-1',
    'credentials' =>
        array(
            'key'=>'X',
            'secret'  =>'X'
       )
]);

try {
    $s3->putObject([
        'Bucket' => 'candy-prototype',
        'Key'    => 'my-object.txt',
        'Body'   => fopen('test.txt', 'r'),
        'ACL'    => 'public-read',
    ]);
} catch (Aws\S3\Exception\S3Exception $e) {
    echo $e->getMessage();
    echo "There was an error uploading the file.\n";
}

但它会抛出访问被拒绝的异常

Error executing "PutObject" on "https://s3.<region>.amazonaws.com/bucket/my-object.txt"; AWS HTTP
错误：客户端错误：PUT https://s3.ap-south-1.amazonaws.com/candy-prototype/my-object.txt 导致403 Forbidden响应：AccessDeniedAccess DeniedC21D9D（截断...）AccessDenied（客户端）：访问被拒绝 - AccessDeniedAcces 的更新

授予对everyone的读写权限，但它不起作用。 IAM用户可以从aws web adminpanel上传/删除/查看，但api访问被拒绝

Answer 1

ListBucket＆amp; GetBucketLocation应该应用于存储桶，而不是存储桶/ * 更改策略第一部分中的资源

{
        "Effect": "Allow",
        "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
        ],
        "Resource": "arn:aws:s3:::bucket"
    },

参考this文档

AWS s3：上传文件时访问被拒绝

1 个答案: