0

情况:

名为 BucketDataDeliveries 的 S3 存储桶

IAM 用户:the_deliverer

工具:赛博鸭

我创建了一个名为 the_deliverer 的新用户。我正在尝试使用cyberduck客户端连接到存储桶,但是当启动连接时出现以下消息:

我们计算的请求签名与您提供的签名不匹配。检查您的密钥和签名方法。

连接截图

在此处输入图像描述

政策

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "BucketOperations",
        "Effect": "Allow",
        "Action": "s3:ListBucket*",
        "Resource": [
            "arn:aws:s3:::BucketDataDeliveries",
            "arn:aws:s3:::BucketDataDeliveries/*"
        ]
    },
    {
        "Sid": "ObjectOperations",
        "Effect": "Allow",
        "Action": [
            "s3:AbortMultipartUpload",
            "s3:DeleteObject*",
            "s3:GetObject*",
            "s3:PutObject*"
        ],
        "Resource": [
            "arn:aws:s3:::BucketDataDeliveries",
            "arn:aws:s3:::BucketDataDeliveries/*"
        ]
    },
    {
        "Sid": "DenyAllOthers",
        "Effect": "Deny",
        "Action": "s3:*",
        "NotResource": [
            "arn:aws:s3:::BucketDataDeliveries",
            "arn:aws:s3:::BucketDataDeliveries/*"
        ]
    }
]

}

你能帮助我吗?

谢谢!

4

1 回答 1

0

我找到了答案。

当您想使用所有者帐户访问存储桶时,在cyberduck s3 连接中定义的url 是:bucket.s3.amazonaws.com

但是,当您想与在 IAM 中创建的其他用户一起访问时,服务器的 url 是:bucket.s3-zone.amazonaws.com

在我的示例中: BucketDataDeliveries.s3-us-gov-west-1.amazonaws.com

于 2021-09-14T07:59:36.300 回答