I figured out myself. It needs to be done in the IAM, not in S3 itself...
s3 Policy has invalid action - s3:ListAllMyBuckets
Вопрос
I'm trying these policy through console.aws.amazon.com on my buckets:
{ "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketMultipartUploads" ], "Resource": "arn:aws:s3:::itnighq", "Condition": {} }, { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectAclVersion" ], "Resource": "arn:aws:s3:::itnighq/*", "Condition": {} }, { "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*", "Condition": {} } ] }
But I'm getting this error message: Policy has invalid action - s3:ListAllMyBuckets It doesn't seem to like "Resource": "*" , I've also tried to use **arn:aws:s3:::****, but it doesn't work either.
Anyone has any clue?
Решение 2
Другие советы
As zdev mentioned, you need to do this for the IAM. Go to the IAM console and navigate to Users > Permissions > Inline policies > Create > Custom, and enter this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
@dnlbrky You need to do this by setting the policy on for the IAM user/group/role and set it by either using the AWS console for the IAM user/group or by calling put_[role/user/group]_policy boto API call.
Anyone getting same issue:
S3 bucket Policy Actions
are different from IAM policy actions
.
Can reference to s3 actions from https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html.
Or try with the following actions
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],