duanba8173 2016-07-24 22:35
浏览 56
已采纳

AWS CloudTrail Create API for Go SDK引发错误消息“ InsufficientS3BucketPolicyException:为存储桶检测到错误的S3存储桶策略”

I am trying to create a cloudtrail using Go SDK. Successfully able to connect AWS without any issue by following AWS doc.

I Followed below steps for creating a trail

Step1 - Created S3 Bucket, so that all trail log files can be placed in this bucket.

CreateS3Bucket: Code 

func CreateS3Bucket(bucketName string) error {
bucketName := "s3-bucket-123"
svc := s3.New(session.New(&aws.Config{Region: aws.String("us-east-1")}))

params := &s3.CreateBucketInput{
    Bucket: aws.String(bucketName), // Required
}
resp, err1 := svc.CreateBucket(params)

if err1 != nil {
    // Print the error, cast err to awserr.Error to get the Code and
    // Message from an error.
    log.Errorf("S3 Bucket Creation Fails: %s", err1.Error())
    errs := errors.New("500")
    return errs
}

// Pretty-print the response data.
log.Infof("Bucket Successfully created: %s", resp)
return nil
}

Success Response: 

{
  Location: \"/s3-bucket-123\"
}"

Step2 - Create CloudTrail

CreateCloudTrail: Code

func (ref *AwsCloudTrail) CreateCloudTrail(bucketName, trailName string) error {
svc := cloudtrail.New(session.New(&aws.Config{Region: aws.String("us-east-1")}))

//bucketName is "s3-bucket-123" and trailName is cloudtrail123

params := &cloudtrail.CreateTrailInput{
    Name:                       aws.String(trailName), // Required
    S3BucketName:               aws.String(bucketName), // Required
}

resp, errs := svc.CreateTrail(params)

if errs != nil {
    // Print the error, cast err to awserr.Error to get the Code and
    // Message from an error.
    log.Errorf("Error while creating trail %v",errs.Error())
    err := errors.New("500")
    return err
}

// Pretty-print the response data.
log.Infof("create trail response: %s",resp)

return nil
}

Response

"Error while creating trail InsufficientS3BucketPolicyException: Incorrect S3 bucket policy is detected for bucket: s3-bucket-123
\tstatus code: 400, request id: 203d63d6-51ea-11e6-bb2c-b5d25b86e418"

Can anyone please tell me where i am doing wrong. what S3 Policy do i need to specify while creating Trail

Any Help/Suggestion is really appreciated

Reference: https://docs.aws.amazon.com/sdk-for-go/api/service/cloudtrail/#CloudTrail.CreateTrail

https://docs.aws.amazon.com/sdk-for-go/api/service/s3/#S3.CreateBucket

  • 写回答

1条回答 默认 最新

  • doukuanjing5404 2016-07-24 22:43
    关注

    Your Cloud Trail should have this policy for the S3 bucket. Follow this guide there are different options in the step.

    http://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-s3-bucket-policy-for-cloudtrail.html

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSCloudTrailAclCheck20150319",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudtrail.amazonaws.com"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::myBucketName"
        },
        {
            "Sid": "AWSCloudTrailWrite20150319",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudtrail.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::myBucketName/[optional prefix]/AWSLogs/myAccountID/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 如何在3D高斯飞溅的渲染的场景中获得一个可控的旋转物体
  • ¥88 实在没有想法,需要个思路
  • ¥15 MATLAB报错输入参数太多
  • ¥15 python中合并修改日期相同的CSV文件并按照修改日期的名字命名文件
  • ¥15 有赏,i卡绘世画不出
  • ¥15 如何用stata画出文献中常见的安慰剂检验图
  • ¥15 c语言链表结构体数据插入
  • ¥40 使用MATLAB解答线性代数问题
  • ¥15 COCOS的问题COCOS的问题
  • ¥15 FPGA-SRIO初始化失败