duanba8173
2016-07-24 22:35 Views: 47
Accepted

AWS CloudTrail Create API for Go SDK raises the error message "InsufficientS3BucketPolicyException: Incorrect S3 bucket policy is detected for bucket"

I am trying to create a CloudTrail using the Go SDK. I was successfully able to connect to AWS without any issue by following the AWS doc.

I followed the steps below to create a trail.

Step1 - Created S3 Bucket, so that all trail log files can be placed in this bucket.

CreateS3Bucket: Code

// Uses errors plus the aws, session and s3 packages from github.com/aws/aws-sdk-go.
func CreateS3Bucket(bucketName string) error {
    // bucketName is "s3-bucket-123" (passed in by the caller; redeclaring it
    // here with := would not compile)
    svc := s3.New(session.New(&aws.Config{Region: aws.String("us-east-1")}))

    params := &s3.CreateBucketInput{
        Bucket: aws.String(bucketName), // Required
    }
    resp, err1 := svc.CreateBucket(params)

    if err1 != nil {
        // Print the error, cast err to awserr.Error to get the Code and
        // Message from an error.
        log.Errorf("S3 Bucket Creation Fails: %s", err1.Error())
        errs := errors.New("500")
        return errs
    }

    // Pretty-print the response data.
    log.Infof("Bucket Successfully created: %s", resp)
    return nil
}

Success Response:

{
  Location: \"/s3-bucket-123\"
}" 

Step2 - Create CloudTrail

CreateCloudTrail: Code

func (ref *AwsCloudTrail) CreateCloudTrail(bucketName, trailName string) error {
    svc := cloudtrail.New(session.New(&aws.Config{Region: aws.String("us-east-1")}))

    // bucketName is "s3-bucket-123" and trailName is cloudtrail123

    params := &cloudtrail.CreateTrailInput{
        Name:         aws.String(trailName),  // Required
        S3BucketName: aws.String(bucketName), // Required
    }

    resp, errs := svc.CreateTrail(params)

    if errs != nil {
        // Print the error, cast err to awserr.Error to get the Code and
        // Message from an error.
        log.Errorf("Error while creating trail %v", errs.Error())
        err := errors.New("500")
        return err
    }

    // Pretty-print the response data.
    log.Infof("create trail response: %s", resp)

    return nil
}

Response

"Error while creating trail InsufficientS3BucketPolicyException: Incorrect S3 bucket policy is detected for bucket: s3-bucket-123
\tstatus code: 400, request id: 203d63d6-51ea-11e6-bb2c-b5d25b86e418" 

Can anyone please tell me what I am doing wrong? What S3 policy do I need to specify while creating the trail?

Any help/suggestion is really appreciated.

Reference: https://docs.aws.amazon.com/sdk-for-go/api/service/cloudtrail/#CloudTrail.CreateTrail

https://docs.aws.amazon.com/sdk-for-go/api/service/s3/#S3.CreateBucket


1 answer

  • Accepted
    doukuanjing5404 2016-07-24 22:43

    Your CloudTrail should have this policy for the S3 bucket. Follow this guide; there are different options in the step.

    http://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-s3-bucket-policy-for-cloudtrail.html

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck20150319",
                "Effect": "Allow",
                "Principal": {
                    "Service": "cloudtrail.amazonaws.com"
                },
                "Action": "s3:GetBucketAcl",
                "Resource": "arn:aws:s3:::myBucketName"
            },
            {
                "Sid": "AWSCloudTrailWrite20150319",
                "Effect": "Allow",
                "Principal": {
                    "Service": "cloudtrail.amazonaws.com"
                },
                "Action": "s3:PutObject",
                "Resource": "arn:aws:s3:::myBucketName/[optional prefix]/AWSLogs/myAccountID/*",
                "Condition": {
                    "StringEquals": {
                        "s3:x-amz-acl": "bucket-owner-full-control"
                    }
                }
            }
        ]
    }
    