发表新帖
发表新帖

Amazon S3 copyObject permission

前端 未结
关注
3 1956
梦毁少年i
梦毁少年i 2020-12-29 03:56

I\'v got user with all permissions.

{
  \"Statement\": [
    {
      \"Effect\": \"Allow\",
      \"Action\": \"*\",
      \"Resource\": \"*\"
    }
  ]
}
相关标签:
3条回答
  • 攒了一身酷
    2020-12-29 04:29

    I know this is an old question, but I ran into the same issue recently while doing work on a legacy project.

    $this->client->copyObject([
    'Bucket'        => $this->bucket,
    'CopySource'    => $file,
    'Key'           => str_replace($source, $destination, $file),
]);

    All of the my other S3 calls worked except for copyObject continued to throw an ACCESS DENIED error. After some digging, I finally figured out why.

    I was passing just the key and making the assumption that the bucket being passed was what both the source and destination would use. Turns out that is an incorrect assumption. The source must have the bucket name prefixed.

    Here was my solution:

    $this->client->copyObject([
    'Bucket'        => $this->bucket,
    // Added the bucket name to the copy source
    'CopySource'    => $this->bucket.'/'.$file,
    'Key'           => str_replace($source, $destination, $file),
]);

    It says "Access Denied" because it thinks the first part of your key/folder is actually the name of the bucket which either doesn't exist or you really don't have access to.

    Hope that helps a few people out!

    0 讨论(0)
  • 悲哀的现实
    2020-12-29 04:38

    Popular answer was on point, but still had issues. Had to include ACL option.

    $this->client->copyObject([
  'Bucket'        => $this->bucket,
  // Added the bucket name to the copy source
  'CopySource'    => $this->bucket.'/'.$file,
  'Key'           => str_replace($source, $destination, $file),
  'ACL'           => 'public-read'
]);

    ACL can be one of these value 'ACL' => 'private|public-read|public-read-write|authenticated-read|aws-exec-read|bucket-owner-read|bucket-owner-full-control',

    0 讨论(0)
  • 星月不相逢
    2020-12-29 04:41

    Found out what the issue is here; being an AWS newbie I struggled here for a bit until I realized that each policy for the users you set needs to clearly allow the service you're using.

    In this case I hadn't set the user to be allowed into S3.

    Goto IAM then goto Users and click on the particular user that has the credentials you're using. From there goto Permissions tab, then click on Attach User Policy and find the S3 policy under select policy template. This should fix your problem.

    Hope that helps!

    0 讨论(0)
 看不清?
提交回复
热议问题