如何解决S3 存储桶策略“拒绝”覆盖“允许”
{
"Version": "2012-10-17","Statement": [
{
"Sid": "Allow-role","Effect": "Allow","Principal": {
"AWS": "arn:aws:iam::*******:role/task-role"
},"Action": "s3:*","Resource": "arn:aws:s3:::test-s3/ln/**"
},{
"Sid": "Allow-ipaddress","Effect": "Deny","NotPrincipal": {
"AWS": "arn:aws:iam::*******:role/task-role"
},"Resource": "arn:aws:s3:::test-s3/ln/**","Condition": {
"NotIpAddress": {
"aws:SourceIp": "*.*.*.*/*"
}
}
}
]
}
我拥有允许 S3 存储桶中的所有操作的任务角色。但是在访问存储桶时出现访问被拒绝错误。我怀疑拒绝操作会阻止访问,但不知道原因是因为 仅当角色不是任务角色时才应拒绝。
exception is""Unable to create ln/list/B001480_5060854444548_response.xml on S3","loggerName": "c.v.ln.utill.S3BucketHandler","level": "ERROR","exception":
"software.amazon.awssdk.services.s3.model.S3Exception: Access Denied
(Service: S3,Status Code: 403,Request ID: 9JJ3FHFYF6TTYHFKWNZZ,Extended Request ID: S+r7z2sJL2ugf1+ldkjfglskgs=)\n\ta
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。