3

我对aws等最不熟悉。目前正在尝试使用s3-bashPalletOps将一个小的war文件上传到s3存储桶。为此,我将 clojure 配置文件配置为

(defpallet :default-service
           :vmfest
           :services {:localhost {:provider "localhost"}
                      :vmfest {:provider                "vmfest"
                               :vbox-comm               :ws
                               :default-network-type    :local
                               :default-memory-size     1024
                               :default-local-interface "vboxnet5"}
                      :aws-ec2 {:provider   "aws-ec2"
                                :identity   "AAAAAAAAAAAAAAAAAAQ"
                                :credential "ATMz1/gerGGFHDh/GFGGFGFGFHFHFHGTUUTUgdgdgdg"}})

在 aws 上,我向该用户添加了 IAM 策略,

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:*",
      "Resource": "*"
    }
  ]
}

在尝试lein pallet up -P aws-ec2使用上述配置进行集群时,出现以下错误,

Caused by: org.jclouds.aws.AWSResponseException: request POST
  https://ec2.us-east-1.amazonaws.com/ HTTP/1.1 failed with code 403,
        error: AWSError{requestId='c20a65f1-64a1-4d7f-be27-690d495ffd09',
        requestToken='null', code='UnauthorizedOperation', message='You are not
        authorized to perform this operation.', context='{Response=, Errors=}'}
    at org.jclouds.aws.handlers.ParseAWSErrorFromXmlContent.handleError(ParseAWSErrorFromXmlContent.java:77)
    ... 77 more
Subprocess failed

我也尝试在https://policysim.aws.amazon.com/home/index.jsp?#进行模拟,但即使是“ListBucket”操作也失败了,并带有错误Implicitly denied (no matching statements found).

我可能缺少在 aws ec2 上进行配置,但无法进一步移动。

4

1 回答 1

0

我认为您可能需要s3*在 IAM 策略中添加一个条目:

以下是仅允许上传到特定文件夹的策略示例:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:*"
      ],
      "Sid": "Stmt13NNNNNNNN000",
      "Resource": [
        "arn:aws:s3:::bucket-name/specific-folder/*"
      ],
      "Effect": "Allow"
    },
{
      "Action": [
        "s3:*"
      ],
      "Sid": "StmtNNNNNNNNNNN",
      "Resource": [
        "arn:aws:s3:::bucket-name"
      ],
       "Effect": "Allow"
     }
   ] 
 }

在“超级用户”预建策略(如果可以的话)中使用凭据进行测试以排除此类权限问题也是值得的。

于 2014-06-04T23:12:46.783 回答