我有以下要添加到我的S3存储桶中的策略
s3Permissions:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: ${self:provider.environment.S3_BUCKET}
PolicyDocument:
Id: Policy1590589947784
Version: '2012-10-17'
Statement:
- Sid: getObjectFromS3
Action:
- s3:GetObject
Effect: Allow
Resource: arn:aws:s3:::${self:provider.environment.S3_BUCKET}
Principal: "*"
我将此设置作为我的环境变量之一
S3_BUCKET: com.backbar.lookups.${self:provider.stage}
我尝试部署时收到以下错误
An error occurred: s3Permissions - Action does not apply to any resource(s) in statement (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy; Request ID: 3760256F6D1080A1; S3 Extended Request ID: ...
如何正确设置存储桶策略?
我相信不是:
Resource: arn:aws:s3:::${self:provider.environment.S3_BUCKET}
应该是:
Resource: arn:aws:s3:::${self:provider.environment.S3_BUCKET}/*
s3:GetObject适用于对象。您原来的Resource是一个存储桶。