如何解决无服务器 s3 AccessDenied
我在这个问题上花了几个小时,但不明白为什么 Access Denied
这里是我对应的 serverless.yml
部分
provider:
name: aws
runtime: nodejs12.x
region: eu-central-1
environment:
STAGE: ${opt:stage,self:provider.stage}
iamRoleStatements:
- Effect: Allow
Action:
- s3:Getobject
- s3:PutObject
Resource:
- arn:aws:s3:::<bucket-1>/*
- arn:aws:s3:::<bucket-2>/*
- Effect: Allow
Action:
- s3:ListBucket
Resource:
- arn:aws:s3:::<bucket-1>
- arn:aws:s3:::<bucket-2>
然后运行
return s3DataProvider.upload({
Bucket: store.bucket,ACL: 'public-read',Body: sm.toString(),Key: `front/${process.env.STAGE}/sitemap.xml`,ContentType: 'text/xml'
}).promise()
其中 store.bucket
是由 <bucket-1>
或 <bucket-2>
我一直都有
ERROR AccessDenied: Access Denied
at Request.extractError (/var/task/node_modules/aws-sdk/lib/services/s3.js:837:35)
at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/var/task/node_modules/aws-sdk/lib/request.js:688:14)
at Request.transition (/var/task/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/task/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/task/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:690:12)
at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
code: 'AccessDenied',region: null,time: 2021-01-25T21:48:47.259Z,requestId: '546A64CC9D503FA8',extendedRequestId: 'hoRF0wDih8jrimR7Ew0ajMhgf4qQ88DCXjWM6bdd1CUsP+9OdpnkiXwZz1UFAK+s7L/clFH4U2c=',cfId: undefined,statusCode: 403,retryable: false,retryDelay: 24.899574651815936
}
解决方法
我不是 100% 肯定,但我猜您的设置中缺少 s3:PutObjectAcl
作为对象的公共读取。
编辑:可能是安全的并授予s3:GetObjectAcl
。可以在此处找到许多讨论和类似问题:Getting Access Denied when calling the PutObject operation with bucket-level permission
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。