AWS S3：访问，同时上传文件

Question

我想上传一个文件，通过PHP SDK AWS S3水桶，为了做到这一点我创建了一个IAM用户拒绝，并增加了内嵌政策

{ 
    "Version": "2012-10-17", 
    "Statement": [ 
     { 
      "Effect": "Allow", 
      "Action": [ 
       "s3:ListBucket", 
       "s3:GetBucketLocation" 
      ], 
      "Resource": "arn:aws:s3:::bucket/*" 
     }, 
     { 
      "Effect": "Allow", 
      "Action": [ 
       "s3:PutObject", 
       "s3:GetObject", 
       "s3:DeleteObject" 
      ], 
      "Resource": "arn:aws:s3:::bucket/*" 
     } 
    ] 
} 

这是我的PHP代码

$s3 = new S3Client([ 
    'version' => 'latest', 
    'region' => 'ap-south-1', 
    'credentials' => 
     array(
      'key'=>'X', 
      'secret' =>'X' 
     ) 
]); 

try { 
    $s3->putObject([ 
     'Bucket' => 'candy-prototype', 
     'Key' => 'my-object.txt', 
     'Body' => fopen('test.txt', 'r'), 
     'ACL' => 'public-read', 
    ]); 
} catch (Aws\S3\Exception\S3Exception $e) { 
    echo $e->getMessage(); 
    echo "There was an error uploading the file.\n"; 
} 

但它会抛出拒绝访问异常

Error executing "PutObject" on "https://s3.<region>.amazonaws.com/bucket/my-object.txt"; AWS HTTP 

error: Client error: PUT https://s3.ap-south-1.amazonaws.com/candy-prototype/my-object.txt resulted in a 403 Forbidden response: AccessDeniedAccess DeniedC21D9D (truncated...) AccessDenied (client): Access Denied - AccessDeniedAcces UPDATE

授予读写行政许可法到everyone，但它没有奏效。 IAM用户可以能够上传/删除AWS网络adminpanel /视图，但是API访问被拒绝

Answer 1

ListBucket & GetBucketLocation应适用于斗，不斗/ * 变化的第一部分的资源政策

{ 
     "Effect": "Allow", 
     "Action": [ 
      "s3:ListBucket", 
      "s3:GetBucketLocation" 
     ], 
     "Resource": "arn:aws:s3:::bucket" 
    }, 

参考this文档