在假设角色后尝试将对象放入另一个帐户的S3存储桶时,我看到以下错误 . 但是我能够列出桶下的所有对象 .
“errorMessage”:“调用PutObject操作时发生错误(AccessDenied):Access Denied”,“errorType”:“ClientError”,botocore.exceptions.ClientError:调用PutObject操作时发生错误(AccessDenied):拒绝访问
Code
session_assumed = aws_session(role_arn=ROLE_ARN, session_name='my_lambda')
bucket = '<bucket name>'
bucket_resource = session_assumed.resource('s3').Bucket(bucket)
// The below works - able to read values from the bucket
for object in bucket_resource.objects.all():
print(' object value = {}'.format(object.key))
// the below does not work
bucket_resource.put_object(Key='<key>', Body=b'Hello World!')
我检查了其他帐户中存在的假定角色的策略文档,它似乎提供了对s3的完全访问权限
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "<sid name>",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::<bucket name>-*"
}
]
}
EDIT : Working Code
d0_bucket_resource.put_object(Key='<key>', Body=b'Hello World!',ServerSideEncryption='AES256')