我已关注this blog,以便使用Web Identity Federation设置我的AWS IAM和S3帐户 . 我能够验证和接收会话凭证和令牌都很好 . 我也可以下载和上传对象 . 但是,我得到了:
访问被拒绝
在以下ListMultipartUploads请求中:
var request = new ListMultipartUploadsRequest()
{
BucketName = bucketName,
Prefix = $"{UserId}/"
};
var response = await s3Client.ListMultipartUploadsAsync(request);
附加到我的IAM角色的访问策略是:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::mybucket/${myidentityprovider:userId}/*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::mybucket"
],
"Condition": {
"StringLike": {
"s3:prefix": "${myidentityprovider:userId}/"
}
}
}
]
}
如您所见,我拥有“s3:ListBucketMultipartUploads”权限,因此用户应该能够在其存储桶上执行ListMultiPartUploads . 我究竟做错了什么?
1 回答
我在你的前缀语句中看到一个错误,
它需要是一个数组,