【Question title】: Copying S3 files from one account to another
【Posted】: 2022-11-15 17:13:12
【Question】:

I am trying to simply copy some files from another S3 account to my account, but I keep running into the following error -

An error occurred (AccessDenied) when calling the UploadPartCopy operation: Cannot access through this access point

I have already added policies on the IAM user and the bucket for the required copy-paste operation -

IAM policy -

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*",
                "s3:Put*"
            ],
            "Resource": [
                "arn:aws:s3:us-west-2:620889225884:accesspoint/bulian-ai-mdl-parquet-1-access-point/*",
                "arn:aws:s3:us-west-2:620889225884:accesspoint/bulian-ai-mdl-parquet-1-access-point",
                "arn:aws:s3:::bulian-ai-mdl-parque-eziseoueyefwzsncu4iwr13fgpocyusw2b-s3alias/*",
                "arn:aws:s3:::bulian-ai-mdl-parque-eziseoueyefwzsncu4iwr13fgpocyusw2b-s3alias",
                "arn:aws:s3:::mobilelocationfeed.parquet.usw2.onemata.com/*",
                "arn:aws:s3:::mobilelocationfeed.parquet.usw2.onemata.com",
                "arn:aws:s3:::bulianai"
            ]
        }
    ]
}

Bucket policy -

{
    "Version": "2008-10-17",
    "Id": "Policy1357935677555",
    "Statement": [
        {
            "Sid": "Stmt1357935647218",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::864295014592:user/bulian_demo"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::bulianai"
        },
        {
            "Sid": "Stmt1357935676138",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::864295014592:user/bulian_demo"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::bulianai/*"
        }
    ]

}

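I am able to list the source files on the CLI, so this account does have access to the source bucket. I'm not quite sure what exactly the problem is here.

【Question comments】:

  • Where are you copying from and to? Is the bucket policy on the source or the destination? Unfortunately, your question lacks details and is unclear.

Tags: amazon-web-services amazon-s3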


【Solution 1】:
  1. Strange, I have never seen this kind of wildcard usage documented - https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html

      "s3:Get*",
      "s3:List*",
      "s3:Put*"
    
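  2. Your IAM policy is missing permissions for the source or destination bucket (it is unclear which is the source and which is the destination)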

      {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Effect": "Allow",
           "Action": [
             "s3:ListBucket",
             "s3:GetObject"
           ],
           "Resource": [
             "arn:aws:s3:::source-DOC-EXAMPLE-BUCKET",
             "arn:aws:s3:::source-DOC-EXAMPLE-BUCKET/*"
           ]
         },
         {
           "Effect": "Allow",
           "Action": [
             "s3:ListBucket",
             "s3:PutObject",
             "s3:PutObjectAcl"
           ],
           "Resource": [
             "arn:aws:s3:::destination-DOC-EXAMPLE-BUCKET",
             "arn:aws:s3:::destination-DOC-EXAMPLE-BUCKET/*"
           ]
         }
       ]
     }
    

    Follow this: https://aws.amazon.com/premiumsupport/knowledge-center/copy-s3-objects-account/
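
To make the second point of the answer concrete, here is an added example (not part of the original answer) that checks which action/resource pairs of a copy are covered by the Allow statements of an identity policy, run against the IAM policy from the question. It assumes `bulianai` is the destination and `mobilelocationfeed.parquet.usw2.onemata.com` is the source, which the question does not state; `uncovered`, `NEEDS` and the key `data.parquet` are names made up for the example.

```python
import re

def _matches(pattern, value, ignore_case=False):
    # IAM-style wildcards: '*' is any run of characters, '?' is exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def uncovered(policy, needs):
    # Returns the (action, resource) pairs no Allow statement grants. Simplified:
    # ignores Deny, Condition, NotAction/NotResource and resource-based policies.
    missing = []
    for action, resource in needs:
        granted = any(
            stmt.get("Effect") == "Allow"
            and any(_matches(a, action, True) for a in _as_list(stmt.get("Action", [])))
            and any(_matches(r, resource) for r in _as_list(stmt.get("Resource", [])))
            for stmt in _as_list(policy["Statement"])
        )
        if not granted:
            missing.append((action, resource))
    return missing

# Identity policy from the question; Action and Resource values copied as posted.
ASKER_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Action": ["s3:Get*", "s3:List*", "s3:Put*"],
    "Resource": [
        "arn:aws:s3:us-west-2:620889225884:accesspoint/bulian-ai-mdl-parquet-1-access-point/*",
        "arn:aws:s3:us-west-2:620889225884:accesspoint/bulian-ai-mdl-parquet-1-access-point",
        "arn:aws:s3:::bulian-ai-mdl-parque-eziseoueyefwzsncu4iwr13fgpocyusw2b-s3alias/*",
        "arn:aws:s3:::bulian-ai-mdl-parque-eziseoueyefwzsncu4iwr13fgpocyusw2b-s3alias",
        "arn:aws:s3:::mobilelocationfeed.parquet.usw2.onemata.com/*",
        "arn:aws:s3:::mobilelocationfeed.parquet.usw2.onemata.com",
        "arn:aws:s3:::bulianai",
    ],
}]}

# Assumed, not stated in the question: source/destination roles and the object key.
SRC, DST = "mobilelocationfeed.parquet.usw2.onemata.com", "bulianai"
NEEDS = [
    ("s3:ListBucket", f"arn:aws:s3:::{SRC}"),
    ("s3:GetObject", f"arn:aws:s3:::{SRC}/data.parquet"),
    ("s3:PutObject", f"arn:aws:s3:::{DST}/data.parquet"),
]

if __name__ == "__main__":
    print(uncovered(ASKER_POLICY, NEEDS))
```

Under those assumptions the only uncovered pair is `s3:PutObject` on `arn:aws:s3:::bulianai/data.parquet`: the identity policy lists the bucket ARN `arn:aws:s3:::bulianai` but no `arn:aws:s3:::bulianai/*`. Whether that matters also depends on the bucket policy, which this check does not evaluate.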

【Comments】:
