好久不用aws,最近需要弄一个可供用户公开访问的s3 bucket,超级用户在编辑存储桶策略(bucket policy)遇到以下错误:

您无权编辑存储桶策略
After you or your AWS administrator have updated your permissions to allow the s3:PutBucketPolicy action, choose Save changes.

按照官方文档,搞了半天IAM,我一个root用户,提示权限不足,开玩笑,最后在“阻止公有访问(存储桶设置)” 里,取消所有阻止设置才成功保存。

公开访问的存储通策略:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"PublicRead",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject","s3:GetObjectVersion"],
      "Resource":["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"]
    }
  ]
}