每当我尝试通过我的 .NET 应用程序访问 amazon s3 时,都会被拒绝访问。我有一个 IAM 用户,如果我使用他的凭据,它就可以正常工作。但是,如果我使用他的凭据创建联合用户,则生成的用户将无法访问 Amazon s3 中的存储桶。需要注意的一件事是,我没有在我的代码中为我的联合用户指定策略。我希望他拥有与 IAM 用户相同的访问级别。但是,如果我在代码中指定策略值,我可以访问和列出存储桶。任何指针?
private static SessionAWSCredentials GetTemporaryFederatedCredentials(
string accessKeyId, string secretAccessKeyId)
{
var config = new AmazonSecurityTokenServiceConfig();
var stsClient =
new AmazonSecurityTokenServiceClient(
accessKeyId, secretAccessKeyId, config);
var federationTokenRequest =
new GetFederationTokenRequest();
federationTokenRequest.Name = "User1";
// federationTokenRequest.Policy =
// @"{
// ""Statement"":
// [
// {
// ""Action"":[""s3:ListAllMyBuckets""],
// ""Effect"":""Allow"",
// ""Resource"":""arn:aws:s3:::*""
// }
// ]
// }";
federationTokenRequest.DurationSeconds = 3600;
GetFederationTokenResponse federationTokenResponse =
stsClient.GetFederationToken(federationTokenRequest);
GetFederationTokenResult federationTokenResult =
federationTokenResponse.GetFederationTokenResult;
Credentials credentials = federationTokenResult.Credentials;
var sessionCredentials =
new SessionAWSCredentials(credentials.AccessKeyId,
credentials.SecretAccessKey,
credentials.SessionToken);
return sessionCredentials;
}
}
}