What are the minimum permissions needed for Apache Camel to work with an Amazon S3 bucket?

Question (votes: 0, answers: 1)

I'm trying to build an application with Apache Camel + Amazon S3. It's just a simple case: a file is received by an endpoint, processed, and sent to an S3 bucket.

s3.bucket=my-bucket
camel.component.aws2-s3.access-key=${AWS_ACCESS_KEY_ID}
camel.component.aws2-s3.secret-key=${AWS_SECRET_ACCESS_KEY}
camel.component.aws2-s3.region=${AWS_REGION:us-east-2}


from("direct:s3")
        .log(INFO, log, "Sending to S3")
        .process(S3Processor())
        .to("aws2-s3://${properties.s3Bucket}?multiPartUpload=true&partSize=10485760")

When I grant the user s3:* permissions, everything works. But I'm finding it hard to "fine-tune" these permissions. Whenever I try the bare minimum, like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::*/*"
        }
    ]
}

when I start my application, I get an S3 error:

org.apache.camel.FailedToStartRouteException: Failed to start route route3 because of null
    at org.apache.camel.impl.engine.RouteService.warmUp(RouteService.java:123) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.InternalRouteStartupManager.doWarmUpRoutes(InternalRouteStartupManager.java:306) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.InternalRouteStartupManager.safelyStartRouteServices(InternalRouteStartupManager.java:189) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.InternalRouteStartupManager.doStartOrResumeRoutes(InternalRouteStartupManager.java:147) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.AbstractCamelContext.doStartCamel(AbstractCamelContext.java:3166) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.AbstractCamelContext.doStartContext(AbstractCamelContext.java:2846) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.AbstractCamelContext.doStart(AbstractCamelContext.java:2797) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.spring.boot.SpringBootCamelContext.doStart(SpringBootCamelContext.java:43) ~[camel-spring-boot-3.11.0.jar:3.11.0]
    at org.apache.camel.support.service.BaseService.start(BaseService.java:119) ~[camel-api-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.AbstractCamelContext.start(AbstractCamelContext.java:2494) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.DefaultCamelContext.start(DefaultCamelContext.java:245) ~[camel-core-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.spring.SpringCamelContext.start(SpringCamelContext.java:119) ~[camel-spring-3.11.0.jar:3.11.0]
    at org.apache.camel.spring.SpringCamelContext.onApplicationEvent(SpringCamelContext.java:151) ~[camel-spring-3.11.0.jar:3.11.0]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:421) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:378) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:938) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:586) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:782) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:774) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:439) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:339) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1340) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1329) ~[spring-boot-2.4.5.jar:2.4.5]
    at net.myapp.RouterApplicationKt.main(RouterApplication.kt:15) ~[main/:na]

I can't find anywhere that lists the minimum permissions my user should have. Does anyone know what these permissions are?

Ah, before anyone asks: with just the s3:PutObject permission I can upload files to my bucket using the aws command-line client.


amazon-s3 apache-camel
1 answer
0 votes

After narrowing down the permission combinations, I ended up with the same result I started with:

"Action": [
    "s3:PutObject",
    "s3:PutObjectAcl",
    "s3:ListBucket"
]

The only difference is that I also restricted the scope to a single bucket instead of using the all-buckets arn ("Resource": "arn:aws:s3:::*/*").
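As an added example that is not part of the question or the answer: a small Python check (not Camel or AWS code) that reads an S3 policy statement and flags the two things the answer's fix changes, a bucket-level action such as s3:ListBucket granted only on an object ARN (arn:aws:s3:::bucket/*), and a resource whose bucket name is wildcarded. The two sample policies are constructed here; "my-bucket" is taken from the question's configuration, and the bucket-level/object-level tables reflect AWS's documented split of which ARN each S3 action is evaluated against.

```python
import json
import re

# Constructed sample: the policy from the question. Its single resource is
# object-level (ends in /*) and also spans every bucket in the account.
QUESTION_POLICY = json.loads("""
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:PutObjectAcl", "s3:ListBucket"],
            "Resource": "arn:aws:s3:::*/*"
        }
    ]
}
""")

# Constructed sample: the same three actions scoped to one bucket, with the
# bucket-level action on the bucket ARN and the object-level actions on objects.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListTheBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": "arn:aws:s3:::my-bucket",
        },
        {
            "Sid": "WriteObjects",
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:PutObjectAcl"],
            "Resource": "arn:aws:s3:::my-bucket/*",
        },
    ],
}

# Resource level each action is evaluated against (AWS-defined): ListBucket
# targets the bucket itself, Put/Get/Delete target individual objects.
BUCKET_LEVEL = {"s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketMultipartUploads"}
OBJECT_LEVEL = {"s3:PutObject", "s3:PutObjectAcl", "s3:GetObject", "s3:DeleteObject"}

S3_ARN = re.compile(r"^arn:aws:s3:::(?P<bucket>[^/]+)(?P<key>/.*)?$")


def _as_list(value):
    """IAM allows a string or a list for Action/Resource/Statement."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def resource_level(arn):
    """Return (level, bucket) where level is 'bucket', 'object' or 'any' for "*"."""
    if arn == "*":
        return "any", "*"
    m = S3_ARN.match(arn)
    if not m:
        return None, None  # not an S3 ARN; out of scope for this check
    return ("object" if m.group("key") else "bucket"), m.group("bucket")


def check_statement(stmt):
    """Return findings (strings) for one Allow statement; empty means clean."""
    findings = []
    if stmt.get("Effect") != "Allow":
        return findings
    sid = stmt.get("Sid", "<no Sid>")
    levels = {}
    for arn in _as_list(stmt.get("Resource", [])):
        level, bucket = resource_level(arn)
        if level is None:
            continue
        levels.setdefault(level, []).append(arn)
        if bucket == "*":
            findings.append(f"{sid}: resource {arn} spans every bucket in the account; name one bucket")
    for action in _as_list(stmt.get("Action", [])):
        if action.endswith("*"):
            findings.append(f"{sid}: wildcard action {action}; list only the actions the route needs")
        elif action in BUCKET_LEVEL and not (levels.get("bucket") or levels.get("any")):
            findings.append(f"{sid}: {action} is bucket-level but no bucket ARN (arn:aws:s3:::<bucket>) is listed")
        elif action in OBJECT_LEVEL and not (levels.get("object") or levels.get("any")):
            findings.append(f"{sid}: {action} is object-level but no object ARN (arn:aws:s3:::<bucket>/*) is listed")
    return findings


def check_policy(policy):
    """Run check_statement over every statement of a policy document."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        findings.extend(check_statement(stmt))
    return findings


if __name__ == "__main__":
    for name, policy in (("question", QUESTION_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, check_policy(policy) or ["no findings"])
```

Run against the question's policy it reports that s3:ListBucket has no bucket ARN to apply to and that the resource covers every bucket; the scoped policy produces no findings. The check only looks at ARN shape, so a statement that passes it can still be too broad for a given deployment; it is a cheap pre-commit lint, not a replacement for testing the route with the real credentials.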
