I've been using my AWS S3 account keys while playing around with the JavaScript SDK and working on shoveling files back and forth. Now that it's time to move this out of my development environment, I set up an IAM account so that I could use something with restricted access. However, once I dropped in the new keys, I'm totally unable to access S3. I can't even list the objects in a bucket.
As far as I can tell from the docs, I've got the permissions configured correctly. While trying to get this to work I went ahead and set it to everything allowed.
Here is my wide open policy:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1421961557000",
          "Effect": "Allow",
          "Action": [
            "s3:*"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }
I then ran the policy through a Policy Simulator set to S3 with All Actions selected and it listed "allowed" for all items as expected.
So, feeling that the policy is correct, I moved back to my code.
I replaced the existing credentials in my AWS global Config object with my IAM credentials, and then tried to grab a bucket.
    AWS.config.update({accessKeyId: 'MY_KEY', secretAccessKey: 'MY_SECRET_KEY'});
    bucket = new AWS.S3({params: {Bucket: 'MY_BUCKET'}});
Now every request I make against the S3 service comes back as 403 Forbidden. Specifically, with the error:
The request signature we calculated does not match the signature you provided. Check your key and signing method.
If I drop in my main account keys everything works 100% A-OK. So, why can't my IAM user access anything?