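Problem description
I am trying to upload a file to an S3 bucket using the AWS console, with default encryption enabled as SSE-KMS and a Deny statement in the bucket policy, but I get an Access Denied error. If I remove the Deny condition from the bucket policy, I can upload the file to S3 using the AWS console.
I know this can be done with the AWS CLI by passing --sse aws:kms --sse-kms-key-id <kms-key-id>, but I would like to know whether there is a way to upload the file through the AWS console?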
Bucket policy -->
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "KMSPut",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::MyBucket/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": "aws:kms"
        }
      }
    }
  ]
}
KMS key policy -->
{
  "Version": "2012-10-17",
  "Id": "key-default-1",
  "Statement": [
    {
      "Sid": "Allow use of the key",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::12345678:role/MyRole"
        ]
      },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }
  ]
}
IAM role policy -->
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::MyBucket"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:Getobject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::MyBucket/*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:eu-west-1:12345678:key/1234-abcd-dcba-4321"
      ],
      "Effect": "Allow"
    }
  ]
}
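The Deny statement from the bucket policy above, evaluated against three constructed request contexts; this is an added example, not part of the original post. It is a simplified model of IAM condition matching (Principal is not modelled, and the object key `report.csv` and the request contexts are made up); it shows that `StringNotEquals` also matches when the `s3:x-amz-server-side-encryption` key is absent, so a PutObject sent without that header falls under the Deny.

```python
import fnmatch

# Bucket policy from the question: Deny PutObject unless the SSE header is aws:kms.
BUCKET_POLICY = {
    "Version": "2008-10-17",
    "Statement": [{
        "Sid": "KMSPut", "Effect": "Deny", "Principal": "*",
        "Action": "s3:PutObject", "Resource": "arn:aws:s3:::MyBucket/*",
        "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
    }],
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def condition_matches(operator, key, expected, context):
    """Simplified model of two IAM string condition operators."""
    present = key in context
    if operator == "StringEquals":
        return present and context[key] in as_list(expected)
    if operator == "StringNotEquals":
        # Negated operators evaluate to true when the key is missing from the request.
        return not present or context[key] not in as_list(expected)
    raise ValueError(f"operator not modelled: {operator}")

def denied_by(policy, action, resource, context):
    """Return the Sid of the first Deny statement that applies, else None."""
    for st in policy["Statement"]:
        if st["Effect"] != "Deny" or action.lower() not in [a.lower() for a in as_list(st["Action"])]:
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in as_list(st["Resource"])):
            continue
        if all(condition_matches(op, key, val, context)
               for op, pairs in st.get("Condition", {}).items() for key, val in pairs.items()):
            return st["Sid"]
    return None

# Constructed request contexts: condition key -> value carried by the request.
REQUESTS = {
    "no SSE header": {},
    "SSE-S3 header": {"s3:x-amz-server-side-encryption": "AES256"},
    "SSE-KMS header": {"s3:x-amz-server-side-encryption": "aws:kms"},
}

def evaluate_all():
    arn = "arn:aws:s3:::MyBucket/report.csv"  # hypothetical object key
    return {name: denied_by(BUCKET_POLICY, "s3:PutObject", arn, ctx) for name, ctx in REQUESTS.items()}

if __name__ == "__main__":
    for name, sid in evaluate_all().items():
        print(f"{name:15} -> {'Deny (' + sid + ')' if sid else 'not denied by bucket policy'}")
```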