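I enabled default encryption on my bucket, using AES encryption or an AWS-managed key. I am having trouble uploading files to it. It gives me access denied.
I'm not sure which policy to update to get access to the encryption.
Do I put it on the bucket's policy or on the role that the bucket grants access to?
I have these objects: bucket_a, role_for_bucket_a, policy_for_role_of_bucket_a
This is the policy (policy_for_role_of_bucket_a) attached to the role (role_for_bucket_a):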
{
    "Statement": [
        {
            "Action": [
                "s3:*Object"
            ],
            "Effect": "Allow",
            "Resource": [
                "my-bucket",
                "my-bucket/*"
            ]
        }
    ],
    "Version": "2012-10-17"
}
bucket_a has the following policy, which restricts access to a specific VPC cluster:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectVersion",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:SourceVpc": [
                        "my-vpc"
                    ]
                }
            }
        }
    ]
}