I'm trying to build an application with Apache Camel + Amazon S3. It's a simple case: a file is received by an endpoint, processed, and sent to an S3 bucket.
s3.bucket=my-bucket
camel.component.aws2-s3.access-key=${AWS_ACCESS_KEY_ID}
camel.component.aws2-s3.secret-key=${AWS_SECRET_ACCESS_KEY}
camel.component.aws2-s3.region=${AWS_REGION:us-east-2}
from("direct:s3")
    .log(INFO, log, "Sending to S3")
    .process(S3Processor())
    .to("aws2-s3://${properties.s3Bucket}?multiPartUpload=true&partSize=10485760")
When I give the user s3:* permissions, everything works. But I'm finding it hard to "fine-tune" those permissions. Whenever I try to use the bare minimum, like:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::*/*"
        }
    ]
}
I get an S3 error when starting my application:
org.apache.camel.FailedToStartRouteException: Failed to start route route3 because of null
at org.apache.camel.impl.engine.RouteService.warmUp(RouteService.java:123) ~[camel-base-engine-3.11.0.jar:3.11.0]
at org.apache.camel.impl.engine.InternalRouteStartupManager.doWarmUpRoutes(InternalRouteStartupManager.java:306) ~[camel-base-engine-3.11.0.jar:3.11.0]
at org.apache.camel.impl.engine.InternalRouteStartupManager.safelyStartRouteServices(InternalRouteStartupManager.java:189) ~[camel-base-engine-3.11.0.jar:3.11.0]
at org.apache.camel.impl.engine.InternalRouteStartupManager.doStartOrResumeRoutes(InternalRouteStartupManager.java:147) ~[camel-base-engine-3.11.0.jar:3.11.0]
at org.apache.camel.impl.engine.AbstractCamelContext.doStartCamel(AbstractCamelContext.java:3166) ~[camel-base-engine-3.11.0.jar:3.11.0]
at org.apache.camel.impl.engine.AbstractCamelContext.doStartContext(AbstractCamelContext.java:2846) ~[camel-base-engine-3.11.0.jar:3.11.0]
at org.apache.camel.impl.engine.AbstractCamelContext.doStart(AbstractCamelContext.java:2797) ~[camel-base-engine-3.11.0.jar:3.11.0]
at org.apache.camel.spring.boot.SpringBootCamelContext.doStart(SpringBootCamelContext.java:43) ~[camel-spring-boot-3.11.0.jar:3.11.0]
at org.apache.camel.support.service.BaseService.start(BaseService.java:119) ~[camel-api-3.11.0.jar:3.11.0]
at org.apache.camel.impl.engine.AbstractCamelContext.start(AbstractCamelContext.java:2494) ~[camel-base-engine-3.11.0.jar:3.11.0]
at org.apache.camel.impl.DefaultCamelContext.start(DefaultCamelContext.java:245) ~[camel-core-engine-3.11.0.jar:3.11.0]
at org.apache.camel.spring.SpringCamelContext.start(SpringCamelContext.java:119) ~[camel-spring-3.11.0.jar:3.11.0]
at org.apache.camel.spring.SpringCamelContext.onApplicationEvent(SpringCamelContext.java:151) ~[camel-spring-3.11.0.jar:3.11.0]
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176) ~[spring-context-5.3.6.jar:5.3.6]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169) ~[spring-context-5.3.6.jar:5.3.6]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143) ~[spring-context-5.3.6.jar:5.3.6]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:421) ~[spring-context-5.3.6.jar:5.3.6]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:378) ~[spring-context-5.3.6.jar:5.3.6]
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:938) ~[spring-context-5.3.6.jar:5.3.6]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:586) ~[spring-context-5.3.6.jar:5.3.6]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:782) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:774) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:439) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:339) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1340) ~[spring-boot-2.4.5.jar:2.4.5]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1329) ~[spring-boot-2.4.5.jar:2.4.5]
at net.myapp.RouterApplicationKt.main(RouterApplication.kt:15) ~[main/:na]
I can't find anywhere that lists the minimum permissions my user should have. Does anyone know what they are?
Ah, and before anyone asks: with just the s3:PutObject permission I can upload files to my bucket using the aws command-line client.
After narrowing down the permission combinations, I ended up with the same thing I started with:
    "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:ListBucket"
    ]
The only difference is that I also restricted the scope to a single bucket instead of using the all-buckets ARN ("Resource": "arn:aws:s3:::*/*").
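An added check, not part of either post above, that makes the bucket-scoping difference concrete. IAM evaluates s3:ListBucket against the bucket ARN (arn:aws:s3:::bucket), while s3:PutObject and s3:PutObjectAcl are evaluated against object ARNs (arn:aws:s3:::bucket/key), so a Resource of arn:aws:s3:::*/* covers the object actions but never matches a bucket ARN. The script below simulates IAM resource and action wildcard matching in Python and runs it over two constructed policies: one shaped like the policy in the question, and one scoped to a single bucket with bucket-level and object-level resources in separate statements. The bucket name my-bucket, the sample object key, and the action lists are assumed sample values; the simulation deliberately ignores Deny statements and Condition blocks, so it only flags grants that are missing, not grants that another statement might revoke.

```python
import re

# Which S3 actions IAM evaluates against the bucket ARN versus an object ARN
# (a representative subset of the documented S3 resource types, lower-cased
# because IAM action matching is case-insensitive).
BUCKET_LEVEL_ACTIONS = {"s3:listbucket", "s3:getbucketlocation",
                        "s3:listbucketmultipartuploads"}
OBJECT_LEVEL_ACTIONS = {"s3:putobject", "s3:putobjectacl", "s3:getobject",
                        "s3:deleteobject", "s3:abortmultipartupload"}


def iam_pattern_matches(pattern: str, value: str) -> bool:
    """IAM-style wildcard match: '*' spans any run of characters (including '/'),
    '?' matches exactly one character; everything else is literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def _as_list(value):
    """IAM lets Action/Resource be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_allowed(policy: dict, action: str, arn: str) -> bool:
    """True if some Allow statement grants `action` on `arn`.
    Simplification: Deny statements and Condition blocks are ignored."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(iam_pattern_matches(a.lower(), action.lower())
                        for a in _as_list(stmt.get("Action", [])))
        resource_ok = any(iam_pattern_matches(r, arn)
                          for r in _as_list(stmt.get("Resource", [])))
        if action_ok and resource_ok:
            return True
    return False


def missing_grants(policy: dict, bucket: str, needed_actions) -> list:
    """Return (action, required_arn) pairs that the policy does not cover for `bucket`.
    Bucket-level actions are checked against the bucket ARN, object-level actions
    against a representative object ARN inside that bucket."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/uploads/example.txt"  # constructed sample key
    missing = []
    for action in needed_actions:
        if action.lower() in BUCKET_LEVEL_ACTIONS:
            required = bucket_arn
        elif action.lower() in OBJECT_LEVEL_ACTIONS:
            required = object_arn
        else:
            continue  # action not in the tables above: out of scope for this check
        if not is_allowed(policy, action, required):
            missing.append((action, required))
    return missing


# Constructed sample with the same shape as the policy in the question:
# an object-only wildcard, so ListBucket has no matching bucket resource.
QUESTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:PutObjectAcl", "s3:ListBucket"],
        "Resource": "arn:aws:s3:::*/*",
    }],
}

# Constructed least-privilege shape: object actions on bucket/*, the bucket
# action on the bucket ARN itself, both limited to one assumed bucket name.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:PutObjectAcl"],
         "Resource": "arn:aws:s3:::my-bucket/*"},
        {"Effect": "Allow",
         "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::my-bucket"},
    ],
}

# The three actions the question settled on.
NEEDED = ["s3:PutObject", "s3:PutObjectAcl", "s3:ListBucket"]

if __name__ == "__main__":
    for name, policy in (("question", QUESTION_POLICY), ("scoped", SCOPED_POLICY)):
        print(f"{name}: missing = {missing_grants(policy, 'my-bucket', NEEDED)}")
```

Running it reports that the question-shaped policy leaves s3:ListBucket without a matching resource for my-bucket, while the scoped policy covers all three actions for my-bucket and none of them for any other bucket. The same is_allowed helper can be pointed at any bucket name and action list to review a candidate policy before attaching it to the application's credentials.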