amazon web services - S3 TVM Issue – getting access denied -

-

i'm trying let ios app upload s3 using credentials gets modified anonymous token vending machine.

the policy statement token vending machine returns is:

{"statement":     [         {"effect":"allow",          "action":"s3:*",          "resource":"arn:aws:s3:::my-bucket-test",          "condition": {             "stringlike": {                 "s3:prefix": "66-*"             }          }         },         {"effect":"deny","action":"sdb:*","resource":["arn:aws:sdb:us-east-1:myaccountidhere:domain/__users_domain__","arn:aws:sdb:us-east-1:myaccountidhere:domain/tokenvendingmachine_devices"]},         {"effect":"deny","action":"iam:*","resource":"*"}     ] }

the object i'm trying put has same bucket name , key 66-3315f11e-84fa-417f-9c32-ac4be364ad99.natural.mp4.

as far understand should work fine, doesn't, , throws access denied message. there wrong policy statement?

you don't need use prefix refer resource context of object operations. i'd recommend restricting s3 actions. here recommend policy, based on 1 article on s3 personal file store. feel free remove listbucket if doesn't make sense app.

{"statement":     [         {"effect":"allow",          "action":["s3:putobject","s3:getobject","s3:deleteobject"],          "resource":"arn:aws:s3:::my-bucket-test/66-*",         },         {"effect":"allow",          "action":"s3:listbucket",          "resource":"arn:aws:s3:::my-bucket-test",          "condition":{               "stringlike":{                    "s3:prefix":"66-*"               }          }         },           {"effect":"deny","action":"sdb:*","resource":["arn:aws:sdb:us-east-1:myaccountidhere:domain/__users_domain__","arn:aws:sdb:us-east-1:myaccountidhere:domain/tokenvendingmachine_devices"]},         {"effect":"deny","action":"iam:*","resource":"*"}     ]  }

Comments

Post a Comment

Popular posts from this blog

ios - RestKit 0.20 — CoreData: error: Failed to call designated initializer on NSManagedObject class (again) -

-
this error has shown on many times, seems. prominent answer issue seems restkit 0.20 — coredata: error: failed call designated initializer on nsmanagedobject class however, solution posted doesn't work me. let's start beginning: i want upload file server. want parse response make sure uploaded. if not, try again later. model has boolean variable called nsnumber *senttoserver purpose (in coredata, bool saved nsnumber ) . because don't know whether sending going successful, save entity coredata model first before sending via restkit. when post request successful, server returns json string this: {"id":14,"created":true} notice that, of course, id not set on coredata model yet, both id , created new informations model. here's model: @interface recording : nsmanagedobject @property (nonatomic, retain) nsstring * audiofilepath; @property (nonatomic, retain) nsdate * createdat; @property (nonatomic, retain) nsstring * deviceid; @
Read more

laravel - PDOException in Connector.php line 55: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES) -

-
my .env: app_env=local app_debug=true app_key=myappkey app_url=http://localhost db_connection=mysql db_host=localhost db_port=3306 db_database=gestiontaller db_username=root db_password='root' cache_driver=file session_driver=file queue_driver=sync redis_host=127.0.0.1 redis_password=null redis_port=6379 mail_driver=smtp mail_host=mailtrap.io mail_port=2525 mail_username=null mail_password=null mail_encryption=null i've tried password ", ' , without, restarting server every time. i've tried changing localhost 172.0.0.1. yes, password correct, running mysql -u root -p introducing password root in prompt can go mysql. users table: +------------------+-----------+ | user | host | +------------------+-----------+ | debian-sys-maint | localhost | | mysql.sys | localhost | | root | localhost | | root1 | localhost | +------------------+-----------+ i've added homestead.yaml this: database_port: 3306
Read more

java - Digest auth with Spring Security using javaconfig -

-
so i'm trying create digest authentication spring following documentation trying translate xml "requirements" in java requirements. let's have xml in docs: <bean id="digestfilter" class= "org.springframework.security.web.authentication.www.digestauthenticationfilter"> <property name="userdetailsservice" ref="jdbcdaoimpl"/> <property name="authenticationentrypoint" ref="digestentrypoint"/> <property name="usercache" ref="usercache"/> </bean> <bean id="digestentrypoint" class= "org.springframework.security.web.authentication.www.digestauthenticationentrypoint"> <property name="realmname" value="contacts realm via digest authentication"/> <property name="key" value="acegi"/> <property name="noncevalidityseconds" value="10"/> </b
Read more