好久不用aws,最近需要弄一个可供用户公开访问的s3 bucket,超级用户在编辑存储桶策略(bucket policy)遇到以下错误:
您无权编辑存储桶策略
After you or your AWS administrator have updated your permissions to allow the s3:PutBucketPolicy action, choose Save changes.
按照官方文档,搞了半天IAM,我一个root用户,提示权限不足,开玩笑,最后在“阻止公有访问(存储桶设置)” 里,取消所有阻止设置才成功保存。
公开访问的存储通策略:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"PublicRead",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject","s3:GetObjectVersion"],
"Resource":["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"]
}
]
}