当前位置: 首页 > 知识库问答 >
问题:

我收到s3错误:调用ListBucket操作时出错(AccessDenied):拒绝访问

怀刚毅
2023-03-14

在此处输入代码:调用ListBucket操作时出错(AccessDenied):拒绝访问

但我有一个IAM策略集,并使用aws CLI和--profile,该配置文件附带了该策略。IAM政策:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::my-repository"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:GetObjectAcl",
                "s3:GetObject",
                "s3:GetObjectTagging",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::my-repository/data/*"
        }
    ]
}

aws --profile my-repository s3 ls

An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied

共有2个答案

曹伟泽
2023-03-14
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::my-repository"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
                "s3:GetObjectAcl",
                "s3:GetObject",
                "s3:GetObjectTagging",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::my-repository/data/*"
        }
    ]
}
晁国发
2023-03-14

您需要以下IAM权限才能执行aws s3 ls:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        }
    ]
}
 类似资料: