问题描述
在使用Amazon S3时遇到了以下错误:Invalid bucket policy syntax. 他怀疑是JSON语法错误或策略错误导致的。以下是他尝试但失败的策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::<my bucket>",
"Principal": {
"AWS": [
"arn:aws:iam::560184616970:user/<my username>"
]
},
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectAclVersion"
],
"Resource": "arn:aws:s3:::<my-bucket>/*",
"Principal": {
"AWS": [
"arn:aws:iam::560184616970:user/<my-username>"
]
},
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*"
}
]
}
]
}
]
}
用户希望得到指导。
解决方案
请注意以下操作注意版本差异及修改前做好备份。
方案1
根据回答1的建议,您尝试将多个策略合并为一个,导致了错误。每个原始策略都有一个带有其语句数组的语句,并且您将它们嵌套在一起。
以下是一个修复后的策略示例,将每个语句块放在策略的Statement数组中:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::<my bucket>",
"Principal": {
"AWS": [
"arn:aws:iam::560184616970:user/<my username>"
]
}
},
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectAclVersion"
],
"Resource": "arn:aws:s3:::<my-bucket>/*",
"Principal": {
"AWS": [
"arn:aws:iam::560184616970:user/<my-username>"
]
}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*"
}
]
}
请注意,每个语句块都在策略的Statement数组中。这样应该可以解决您的问题。
方案2
您还可以尝试使用AWS提供的AWS Bucket Policy Generator来生成策略。这个工具可以帮助您生成正确的策略,避免语法错误。
希望这些解决方案能帮助到您解决问题。如果问题仍然存在,请考虑将问题提交到Amazon支持论坛,以获取更多帮助。
正文完