时间戳

首页 > 解决方案 > 如何启用读写亚马逊s3存储桶权限

amazon-web-services - 如何启用读写亚马逊s3存储桶权限

问题描述

我想将我用 heroku 制作的幽灵博客连接到我在 aws 中的 s3 存储桶,以便能够在帖子中上传图片。

我有我的用户 ARN:arn:aws:iam::916616152568:user/ myuser附加到具有“AmazonS3FullAccess”的组。

我究竟做错了什么?

此存储桶的公共访问设置: 

Manage public access control lists (ACLs)
Block new public ACLs and uploading public objects (Recommended)
True

Remove public access granted through public ACLs (Recommended)
True
Manage public bucket policies

Block new public bucket policies (Recommended)
False

Block public and cross-account access if bucket has public policies 
(Recommended)
False

还有我的存储桶政策:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "ListObjectsInBucket",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::916616152568:user/*myuser*"
        },
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::*myS3bucket*"
    },
    {
        "Sid": "AllObjectActions",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::916616152568:user/*myuser*"
        },
        "Action": "s3:*Object",
        "Resource": "arn:aws:s3:::*myS3bucket*/*"
    }
]
}

我已经将 , 和 上传S3_ACCESS_BUCKET_NAMES3_ACCESS_BUCKET_REGIONS3_ACCESS_KEY_IDS3_ACCESS_SECRET_KEYheroku 环境变量

从我的幽灵服务器上传文件时出现此错误。Failed to load resource: the server responded with a status of 403 (Forbidden)但是,如果我从 aws 控制台登录并上传也没问题。

标签: amazon-web-servicesherokuamazon-s3amazon-iamghost-blog

解决方案

我实际上通过将所有“存储桶的公共访问设置”更改为 false 来修复它。

推荐阅读