我正在尝试使用此命令来设置静态网站托管:
aws s3api put-bucket-website --bucket XXXX --website-configuration file://assets/website.json
website.json
{
"IndexDocument": {
"Suffix": "index.html"
},
"ErrorDocument": {
"Key": "index.html"
}
}
存储桶策略
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::XXXX/*"
}
]
}
我遇到了错误:
调用PutBucketWebsite操作时发生错误(AccessDenied):访问被拒绝
我应该在存储桶策略中进行哪些更改?
答案 0 :(得分:1)
此PUT操作需要 S3:PutBucketWebsite 权限:
添加存储桶策略:
aws s3api put-bucket-policy \
--bucket XXXX \
--policy file://s3-bucket-policy.json
s3-bucket-policy.json:
{
"Version": "2008-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::XXXX/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"S3:PutBucketWebsite"
],
"Resource": "arn:aws:s3:::XXXX"
}
]
}
设置静态网站托管
aws s3api put-bucket-website \
--bucket XXXX \
--website-configuration file://website.json
website.json
{
"IndexDocument": {
"Suffix": "index.html"
},
"ErrorDocument": {
"Key": "index.html"
}
}
答案 1 :(得分:0)
您的存储桶策略仅允许您执行GET操作,但您想执行PUT操作。
就像您提到的那样,您的IAM似乎具有管理员权限和完全的S3访问权限,但是您没有对该特定存储桶的存储桶级别访问权限。
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:GetObject",
"s3:PutObject
],
"Resource": "arn:aws:s3:::XXXX/*"
},
{
"Sid": "AllowPutBucket",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::bucketname",
"arn:aws:s3:::bucketname/*"
]
}
]
}