无法将策略添加到 serverless.yaml 中的 s3 存储桶
Trouble adding policy to s3 bucket in serverless.yaml
我有以下策略要添加到我的 S3 存储桶
s3Permissions:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: ${self:provider.environment.S3_BUCKET}
PolicyDocument:
Id: Policy1590589947784
Version: '2012-10-17'
Statement:
- Sid: getObjectFromS3
Action:
- s3:GetObject
Effect: Allow
Resource: arn:aws:s3:::${self:provider.environment.S3_BUCKET}
Principal: "*"
我将此设置作为我的环境变量之一
S3_BUCKET: com.backbar.lookups.${self:provider.stage}
我尝试部署时出现以下错误
An error occurred: s3Permissions - Action does not apply to any resource(s) in statement (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy; Request ID: 3760256F6D1080A1; S3 Extended Request ID: ...
如何正确设置桶策略?
我相信,而不是:
Resource: arn:aws:s3:::${self:provider.environment.S3_BUCKET}
应该是:
Resource: arn:aws:s3:::${self:provider.environment.S3_BUCKET}/*
s3:GetObject
适用于对象。你原来的Resource
是一个桶
我有以下策略要添加到我的 S3 存储桶
s3Permissions:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: ${self:provider.environment.S3_BUCKET}
PolicyDocument:
Id: Policy1590589947784
Version: '2012-10-17'
Statement:
- Sid: getObjectFromS3
Action:
- s3:GetObject
Effect: Allow
Resource: arn:aws:s3:::${self:provider.environment.S3_BUCKET}
Principal: "*"
我将此设置作为我的环境变量之一
S3_BUCKET: com.backbar.lookups.${self:provider.stage}
我尝试部署时出现以下错误
An error occurred: s3Permissions - Action does not apply to any resource(s) in statement (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy; Request ID: 3760256F6D1080A1; S3 Extended Request ID: ...
如何正确设置桶策略?
我相信,而不是:
Resource: arn:aws:s3:::${self:provider.environment.S3_BUCKET}
应该是:
Resource: arn:aws:s3:::${self:provider.environment.S3_BUCKET}/*
s3:GetObject
适用于对象。你原来的Resource
是一个桶