我有2个AWS账户。帐户A具有S3存储桶'BUCKET',其中我使用Java API放置文件。我已将“BUCKET”政策配置为允许跨帐户文件发布。 但是,当我尝试从帐户A打开此文件时,它说AccessDenied
访问被hostId和requestId拒绝。跨账户中的亚马逊S3文件'拒绝访问'异常
此文件通过帐户B使用java api发布,并且此文件具有与通过api发布的文件相同的大小。我试图更改文件大小,新的大小显示在AWS S3控制台上。 这里是我的斗政策:
{
"Version": "2008-10-17",
"Id": "Policy1357935677554",
"Statement": [
{
"Sid": "Stmt1357935647218",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::ACCOUNTB:user/accountb-user"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucket-name"
},
{
"Sid": "Stmt1357935676138",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::ACCOUNTB:user/accountb-user"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucket-name/*"
},
{
"Sid": "Stmt1357935676138",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::ACCOUNTB:user/accountb-user"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket-name/*"
},
{
"Sid": "Stmt1357935647218",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::ACCOUNTA:user/accounta-user"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::bucket-name"
},
{
"Sid": "Stmt1357935676138",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::ACCOUNTA:user/accounta-user"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket-name/*"
},
{
"Sid": "Stmt1357935676138",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::ACCOUNTA:root"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket-name/*"
}
]
}
问题是,当我尝试下载/打开从帐户A这个文件,我无法将其打开。
您是否设法解决了问题?我也有这个问题。 – rastacide
是的,你需要使用's3Client.putObject(new PutObjectRequest(bucket,key,inputFile).withAccessControlList(acl))' – user954134