S3存储桶操作不适用于任何资源
我正在按照此答案中的说明进行操作,以生成以下S3存储桶策略:
I'm following the instructions from this answer to generate the follow S3 bucket policy:
{
"Id": "Policy1495981680273",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1495981517155",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::surplace-audio",
"Principal": "*"
}
]
}
我得到以下错误:
操作不适用于语句中的任何资源
Action does not apply to any resource(s) in statement
我的保单遗漏了什么?
从IAM文档中, http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Action
某些服务不允许您为单个资源指定操作;相反,您在Action或NotAction元素中列出的所有操作都将应用于该服务中的所有资源.在这种情况下,请在Resource元素中使用通配符*.
Some services do not let you specify actions for individual resources; instead, any actions that you list in the Action or NotAction element apply to all resources in that service. In these cases, you use the wildcard * in the Resource element.
使用此信息,资源应具有如下值:
With this information, resource should have a value like below:
"Resource": "arn:aws:s3:::surplace-audio/*"