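Alibaba Cloud OSS operation fails with the permission error "Access denied by authorizer's policy"
Prerequisite:
Quickly set up a direct-upload service for mobile apps: https://help.aliyun.com/zh/oss/use-cases/set-up-direct-data-transfer-for-mobile-apps#9354e07004mro
After the client POSTs an image, the response is: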
<Error>
  <Code>AccessDenied</Code>
  <Message>Access denied by authorizer's policy.</Message>
  <RequestId>xxxxx</RequestId>
  <HostId>xxxxx</HostId>
</Error>
The cause is a permission problem in the authorization policy file.
Permissions in the new version of bucket_write_policy.txt:
{
  "Statement": [
    {
      "Action": [
        "oss:PutObject",
        "oss:ListParts",
        "oss:AbortMultipartUpload"
      ],
      "Effect": "Allow",
      "Resource": ["acs:oss:*:*:$BUCKET_NAME/$OBJECT_PREFIX*"]
    }
  ],
  "Version": "1"
}
The Action list is fine for uploads, but the error still occurs. The problem lies in the "Resource": ["acs:oss:*:*:$BUCKET_NAME/$OBJECT_PREFIX*"] part.
Compare the permissions in the old version of bucket_write_policy.txt:
{
  "Statement": [
    {
      "Action": [
        "oss:*"
      ],
      "Effect": "Allow",
      "Resource": ["acs:oss:*:*:*"]
    }
  ],
  "Version": "1"
}
Changing the Resource node in the failing bucket_write_policy.txt to ["acs:oss:*:*:*"] resolves the error.
If you only need to upload, configuring Action as follows is enough:
"Action": ["oss:PutObject"]
The complete bucket_write_policy.txt:
{
  "Statement": [
    {
      "Action": [
        "oss:PutObject"
      ],
      "Effect": "Allow",
      "Resource": ["acs:oss:*:*:*"]
    }
  ],
  "Version": "1"
}
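The Resource values above can be compared offline before a policy is deployed. The following Python sketch is an added example, not part of the original post or of Alibaba Cloud's tooling; it models only Allow statements with `*` wildcards. The bucket name example-bucket, the prefix uploads/, the REGION and ACCOUNT fields, and the reading that $BUCKET_NAME and $OBJECT_PREFIX are meant to be substituted before use are all assumptions.

```python
import json
import re

def wildcard_match(pattern, value):
    # Only '*' is a wildcard here; every other character is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def check_upload(policy_text, bucket, key, action="oss:PutObject"):
    """Return (allowed, findings) for one upload; simplified Allow-only model."""
    # Constructed request resource: REGION and ACCOUNT are placeholders.
    target = f"acs:oss:REGION:ACCOUNT:{bucket}/{key}"
    allowed, findings = False, []
    for stmt in json.loads(policy_text)["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements are outside this sketch
        for res in stmt["Resource"]:
            if "$" in res:
                findings.append("unsubstituted placeholder: " + res)
            if res.split(":", 4)[-1] == "*":
                findings.append("covers every bucket and object: " + res)
        action_ok = any(wildcard_match(a, action) for a in stmt["Action"])
        resource_ok = any(wildcard_match(r, target) for r in stmt["Resource"])
        allowed = allowed or (action_ok and resource_ok)
    return allowed, findings

def make_policy(actions, resource):
    stmt = {"Action": actions, "Effect": "Allow", "Resource": [resource]}
    return json.dumps({"Statement": [stmt], "Version": "1"})

# New template from the post, with the placeholders left as literal text.
NEW_TEMPLATE = make_policy(
    ["oss:PutObject", "oss:ListParts", "oss:AbortMultipartUpload"],
    "acs:oss:*:*:$BUCKET_NAME/$OBJECT_PREFIX*")
# The post's working policy.
WILDCARD = make_policy(["oss:PutObject"], "acs:oss:*:*:*")
# Assumption: the template with constructed values substituted in.
SCOPED = make_policy(["oss:PutObject"], "acs:oss:*:*:example-bucket/uploads/*")

if __name__ == "__main__":
    for name, pol in [("new", NEW_TEMPLATE), ("wildcard", WILDCARD), ("scoped", SCOPED)]:
        print(name, check_upload(pol, "example-bucket", "uploads/a.jpg"))
```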
OSS Action categories: https://help.aliyun.com/zh/oss/user-guide/overview-22?spm=a2c4g.11186623.0.0.485c351eSeJYAd#section-x3c-nsm-2gb
OSS Resource description: https://help.aliyun.com/zh/oss/user-guide/overview-22?spm=a2c4g.11186623.0.0.485c351eSeJYAd#section-an0-sb1-5sh