S3: The bucket can not be accessed by its root account?

2018-06-21 08:27:14

The permission granting things of S3 is rather complicated. As far as I have understood the root account (that with email login) should have access to anything, except for objects in bucket which do not belong to it (which is not the case).

My setting:

> a root account, called: myroot a IAM user, called myiam, whose parent
> account is myroot

myiam create a bucket, called mybucket. without granting permission, myroot can not have access to it.

I looked up the aws documentation(http://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-overview.html), think that shouldn't be the case

By default, all Amazon S3 resources are private. Only a resource owner can access the resource. The resource owner refers to the AWS account that creates the resource. For example:

The AWS account that you use to create buckets and objects owns those resources. If you create an AWS Identity and Access Management (IAM) user in your AWS account, your AWS account is the parent owner. If the IAM user uploads an object, the parent account, to which the user belongs, owns the object.

It should work just fine.

I did the following to test your situation:

Logged in as an IAM user (using account, username, password)

Created a bucket in the console

Uploaded an object (which stays private by default)

Logged in a root account (using email address, password, MFA)

I was able to view the contents of the bucket in the console

I was able to view the contents of the uploaded object (using Actions -> Open to generate a Signed URL)

链接地址: http://www.djcxy.com/p/59964.html

上一篇: IAM角色基于来自另一个帐户的现有证书集

下一篇: S3：存储桶不能通过其root帐户访问？