Serverless s3 AccessDenied

How to fix Serverless s3 AccessDenied

I've spent a few hours on this problem, but I don't understand why I get Access Denied.

Here is the relevant part of my serverless.yml

provider:
        name: aws
        runtime: nodejs12.x
        region: eu-central-1
        environment:
                STAGE: ${opt:stage,self:provider.stage}
        iamRoleStatements:
                - Effect: Allow
                  Action:
                          - s3:Getobject
                          - s3:PutObject
                  Resource:
                          - arn:aws:s3:::<bucket-1>/*
                          - arn:aws:s3:::<bucket-2>/*
                - Effect: Allow
                  Action:
                          - s3:ListBucket
                  Resource:
                          - arn:aws:s3:::<bucket-1>
                          - arn:aws:s3:::<bucket-2>

Then I run

return s3DataProvider.upload({
    Bucket: store.bucket,
    ACL: 'public-read',
    Body: sm.toString(),
    Key: `front/${process.env.STAGE}/sitemap.xml`,
    ContentType: 'text/xml'
}).promise()

where store.bucket is one of <bucket-1>, <bucket-2>

I keep getting

ERROR   AccessDenied: Access Denied
    at Request.extractError (/var/task/node_modules/aws-sdk/lib/services/s3.js:837:35)
    at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/var/task/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/var/task/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/task/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/task/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:690:12)
    at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
  code: 'AccessDenied',
  region: null,
  time: 2021-01-25T21:48:47.259Z,
  requestId: '546A64CC9D503FA8',
  extendedRequestId: 'hoRF0wDih8jrimR7Ew0ajMhgf4qQ88DCXjWM6bdd1CUsP+9OdpnkiXwZz1UFAK+s7L/clFH4U2c=',
  cfId: undefined,
  statusCode: 403,
  retryable: false,
  retryDelay: 24.899574651815936
}

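Solution

I'm not 100% sure, but I guess your setup is missing s3:PutObjectAcl, for the object's public-read.

Edit: Maybe play it safe and also grant s3:GetObjectAcl. Many discussions and similar questions can be found here: Getting Access Denied when calling the PutObject operation with bucket-level permission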
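
The mismatch the answer points at, as an added example that is not part of the original question or answer: a small checker that compares the actions an upload call needs against a role's Allow statements. The function names (requiredActions, wildcard, isAllowed, missingActions), the bucket name bucket-1 and the dev stage are assumptions made for illustration, and the evaluation is simplified to Allow statements only.

```javascript
// Added example: simplified IAM evaluation (Allow statements only; no Deny,
// conditions, bucket policies or account-level settings).

// Constructed copy of the question's iamRoleStatements; bucket names are placeholders.
const statements = [
  { Effect: 'Allow', Action: ['s3:Getobject', 's3:PutObject'],
    Resource: ['arn:aws:s3:::bucket-1/*', 'arn:aws:s3:::bucket-2/*'] },
  { Effect: 'Allow', Action: ['s3:ListBucket'],
    Resource: ['arn:aws:s3:::bucket-1', 'arn:aws:s3:::bucket-2'] },
];

// Actions needed for an upload: a request that carries an ACL needs
// s3:PutObjectAcl in addition to s3:PutObject.
function requiredActions(params) {
  return params.ACL ? ['s3:PutObject', 's3:PutObjectAcl'] : ['s3:PutObject'];
}

// Turn an IAM pattern with * and ? wildcards into an anchored RegExp.
function wildcard(pattern, flags) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp(`^${escaped}$`, flags);
}

const asList = (v) => (Array.isArray(v) ? v : [v]);

// True if any Allow statement covers the action (case-insensitive) on the ARN.
function isAllowed(stmts, action, arn) {
  return stmts.some((s) => s.Effect === 'Allow'
    && asList(s.Action).some((a) => wildcard(a, 'i').test(action))
    && asList(s.Resource).some((r) => wildcard(r).test(arn)));
}

// Actions the role lacks for this upload; an empty array means none.
function missingActions(stmts, params) {
  const arn = `arn:aws:s3:::${params.Bucket}/${params.Key}`;
  return requiredActions(params).filter((a) => !isAllowed(stmts, a, arn));
}

const upload = { Bucket: 'bucket-1', ACL: 'public-read', Key: 'front/dev/sitemap.xml' };
console.log(missingActions(statements, upload));
// One narrow fix (assumption: only keys under front/ are written with an ACL).
const fixed = statements.concat({ Effect: 'Allow', Action: 's3:PutObjectAcl',
  Resource: 'arn:aws:s3:::bucket-1/front/*' });
console.log(missingActions(fixed, upload));
```

The lowercase `s3:Getobject` in the question's policy still matches because IAM action names are case-insensitive, which is why the checker compares actions with the `i` flag but resource ARNs without it.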