What are the minimum permissions needed to use Apache Camel with an Amazon S3 bucket?

uqdfh47h  posted 12 months ago  in  Apache
Follow(0)|Answers(1)|Views(144)

I am trying to build an application with Apache Camel + Amazon S3. It is just a simple example in which a file is received by an endpoint, processed, and sent to an S3 bucket.

s3.bucket=my-bucket
camel.component.aws2-s3.access-key=${AWS_ACCESS_KEY_ID}
camel.component.aws2-s3.secret-key=${AWS_SECRET_ACCESS_KEY}
camel.component.aws2-s3.region=${AWS_REGION:us-east-2}

from("direct:s3")
        .log(INFO, log, "Sending to S3")
        .process(S3Processor())
        .to("aws2-s3://${properties.s3Bucket}?multiPartUpload=true&partSize=10485760")

When I give my user the s3:* permission, everything works fine. But I am finding it hard to "fine-tune" these permissions. Whenever I try to use the bare minimum, like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::*/*"
        }
    ]
}


I get an S3 error when the application starts:

org.apache.camel.FailedToStartRouteException: Failed to start route route3 because of null
    at org.apache.camel.impl.engine.RouteService.warmUp(RouteService.java:123) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.InternalRouteStartupManager.doWarmUpRoutes(InternalRouteStartupManager.java:306) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.InternalRouteStartupManager.safelyStartRouteServices(InternalRouteStartupManager.java:189) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.InternalRouteStartupManager.doStartOrResumeRoutes(InternalRouteStartupManager.java:147) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.AbstractCamelContext.doStartCamel(AbstractCamelContext.java:3166) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.AbstractCamelContext.doStartContext(AbstractCamelContext.java:2846) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.AbstractCamelContext.doStart(AbstractCamelContext.java:2797) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.spring.boot.SpringBootCamelContext.doStart(SpringBootCamelContext.java:43) ~[camel-spring-boot-3.11.0.jar:3.11.0]
    at org.apache.camel.support.service.BaseService.start(BaseService.java:119) ~[camel-api-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.engine.AbstractCamelContext.start(AbstractCamelContext.java:2494) ~[camel-base-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.impl.DefaultCamelContext.start(DefaultCamelContext.java:245) ~[camel-core-engine-3.11.0.jar:3.11.0]
    at org.apache.camel.spring.SpringCamelContext.start(SpringCamelContext.java:119) ~[camel-spring-3.11.0.jar:3.11.0]
    at org.apache.camel.spring.SpringCamelContext.onApplicationEvent(SpringCamelContext.java:151) ~[camel-spring-3.11.0.jar:3.11.0]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:421) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:378) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:938) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:586) ~[spring-context-5.3.6.jar:5.3.6]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:782) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:774) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:439) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:339) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1340) ~[spring-boot-2.4.5.jar:2.4.5]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1329) ~[spring-boot-2.4.5.jar:2.4.5]
    at net.myapp.RouterApplicationKt.main(RouterApplication.kt:15) ~[main/:na]


I cannot find anywhere that lists the minimum permissions my user should have. Does anyone know what these permissions are?
Oh, and before anyone asks: with just the s3:PutObject permission I can upload files to my bucket using the aws command-line client.
[]'s

izj3ouym

izj3ouym1#

After narrowing down the combinations of permissions, I ended up with the same result I started with:

"Action": [
    "s3:PutObject",
    "s3:PutObjectAcl",
    "s3:ListBucket"
]

The only difference is that I also restricted the scope to a single bucket instead of using the all-buckets ARN ("Resource": "arn:aws:s3:::*/*").
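A single-bucket version of the policy from this answer, added here as an illustration (it is not from the original post); it keeps the same three actions and uses the my-bucket name from the question's s3.bucket property. The split into two statements is the point: IAM evaluates s3:ListBucket against the bucket ARN (no trailing /*), while s3:PutObject and s3:PutObjectAcl are evaluated against object ARNs, so a single Resource of arn:aws:s3:::*/* can never match a ListBucket call.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListTargetBucket",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::my-bucket"
        },
        {
            "Sid": "WriteObjectsToTargetBucket",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::my-bucket/*"
        }
    ]
}
```

Multipart uploads (multiPartUpload=true in the route) are authorized by s3:PutObject as well; s3:PutObjectAcl is only required if the route actually sets an object ACL, and can be dropped otherwise.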
