AWS Transfer Family (SFTP): permission error when downloading files that were uploaded through S3 rather than SFTP

When FileZilla downloads, through AWS Transfer Family (SFTP), a file that was uploaded directly to S3 rather than through SFTP (for example via the AWS Console or the AWS CLI), and the IAM role policy grants only s3:GetObject and s3:GetObjectAcl, FileZilla reports the following error:

```
错误: error while reading: permission denied
错误: 文件传输失败
```

Solution: add the s3:GetObjectVersion permission to the IAM role policy. The resulting policy:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:GetObjectAcl",
                "s3:GetObject",
                "s3:GetObjectVersion"
            ],
            "Resource": "arn:aws:s3:::appblog-cn/prod/icbc/reconcile/*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::appblog-cn"
        }
    ]
}
```
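As an added example (not code from the original post), a small static check in Python that reports which of the actions granted by the working policy above a given role policy fails to grant for a download of one object; run against the pre-fix policy it flags exactly s3:GetObjectVersion. The pre-fix policy and the object key are constructed; the bucket and prefix are the post's. Condition blocks are ignored, so this checks the policy document only, not a live IAM evaluation.

```python
import fnmatch
import json

# Actions the post's working role policy grants; the FileZilla failure comes from
# s3:GetObjectVersion being absent from the object-level set.
OBJECT_ACTIONS = ("s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectVersion")
BUCKET_ACTIONS = ("s3:ListBucket",)

def _as_list(value):
    # IAM accepts a bare string or a list for Action, Resource and Statement.
    return value if isinstance(value, list) else [value]

def _covers(stmt, action, resource):
    # True when the statement's Action and Resource patterns both match. IAM wildcards
    # map onto fnmatch; actions compare case-insensitively. Condition blocks are
    # ignored (assumption: this is a static check of the policy document only).
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    resources = _as_list(stmt.get("Resource", []))
    return (any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
            and any(fnmatch.fnmatchcase(resource, r) for r in resources))

def missing_download_permissions(policy, bucket, key):
    """Return (action, resource) pairs the role policy lacks for downloading
    s3://bucket/key through Transfer Family. An explicit Deny overrides Allow."""
    statements = _as_list(policy["Statement"])
    checks = [(a, f"arn:aws:s3:::{bucket}/{key}") for a in OBJECT_ACTIONS]
    checks += [(a, f"arn:aws:s3:::{bucket}") for a in BUCKET_ACTIONS]
    missing = set()
    for action, resource in checks:
        allowed = any(s["Effect"] == "Allow" and _covers(s, action, resource) for s in statements)
        denied = any(s["Effect"] == "Deny" and _covers(s, action, resource) for s in statements)
        if denied or not allowed:
            missing.add((action, resource))
    return missing

# Constructed sample: the post's policy before the fix, i.e. without s3:GetObjectVersion.
BROKEN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObjectAcl", "s3:GetObject"],
     "Resource": "arn:aws:s3:::appblog-cn/prod/icbc/reconcile/*"},
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::appblog-cn"}
  ]
}""")

if __name__ == "__main__":
    # The object key is constructed; bucket and prefix are the post's.
    print(missing_download_permissions(BROKEN_POLICY, "appblog-cn", "prod/icbc/reconcile/daily.csv"))
```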
The custom identity provider Lambda that maps the SFTP user to this role (the handler wrapper and the `return` are added so the fragment runs as a Node.js Lambda; the rest is the post's logic):

```javascript
// Custom identity provider for AWS Transfer Family: returns the IAM role,
// home directory and (for key auth) the public keys for an authenticated user.
exports.handler = async (event) => {
    let response = {};

    if (event.serverId !== "" && event.username == 'u_icbc') {
        response = {
            Role: 'arn:aws:iam::563881802881:role/role-sftp-reconcile-icbc', // The user will be authenticated if and only if the Role field is not blank
            Policy: '',
            HomeDirectory: '/appblog-cn/prod/icbc/reconcile' // Not required, defaults to '/'
        };

        // Check if password is provided
        if (event.password == "") {
            // If no password provided, return the user's SSH public key
            response['PublicKeys'] = [ "ssh-rsa myrsapubkey" ];
        // Check if password is correct
        } else if (event.password !== '******') {
            // Return HTTP status 200 but with no role in the response to indicate authentication failure
            response = {};
        }

        console.log(response);
    }

    return response;
};
```

Powered by AppBlog.CN     浙ICP备14037229号

Copyright © 2012 - 2020 APP开发技术博客 (APP Development Technology Blog). All Rights Reserved.
