您遇到的 

1
Access Denied

 错误表明腾讯云对象存储(OSS)服务拒绝了上传请求,这通常是由于权限配置问题导致的。以下是详细的排查和解决方法:

查看日志提示ERROR 上传失败: Access Denied.总结下来配置完全正常的情况 一种是SecretKey是新建生效问题,如果新建过老KEY使用原来的就正常,或者删除现有的SecretKey再新建

202506280407298411. 检查SecretKey和SecretId

验证密钥是否正确

  • 确保使用的 
    1
    SecretId

     和 

    1
    SecretKey

     是最新有效的

  • 在腾讯云控制台重新获取密钥:
    1. 登录腾讯云控制台
    2. 进入「访问管理」→「API密钥管理」
    3. 确认或重新生成SecretKey

代码中正确配置

javascript


1
2
3
4
5
<span class="hljs-comment">// 示例配置</span>

<span class="hljs-keyword">const</span> cos = <span class="hljs-keyword">new</span> <span class="hljs-title function_">COS</span>({

  <span class="hljs-title class_">SecretId</span>: <span class="hljs-string">'AKIDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'</span>,

  <span class="hljs-title class_">SecretKey</span>: <span class="hljs-string">'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'</span>,

});

2. 检查存储桶(Bucket)权限

存储桶访问权限设置

  1. 进入COS控制台
  2. 找到目标存储桶 → 点击「权限管理」
  3. 检查:
    • 公有权限:至少设置为"私有读写"或根据需求调整
    • 用户权限:确保当前账号有写入权限

20250628041010800跨域设置(CORS)

  1. 在存储桶的「安全设置」→「跨域访问CORS设置」

20250628041059700添加或修改规则,确保包含:

json
{


1
2
3
4
5
6
  <span class="hljs-attr">"AllowedOrigins"</span><span class="hljs-punctuation">:</span> <span class="hljs-punctuation">[</span><span class="hljs-string">"*"</span><span class="hljs-punctuation">]</span><span class="hljs-punctuation">,</span>

  <span class="hljs-attr">"AllowedMethods"</span><span class="hljs-punctuation">:</span> <span class="hljs-punctuation">[</span><span class="hljs-string">"PUT"</span><span class="hljs-punctuation">,</span> <span class="hljs-string">"POST"</span><span class="hljs-punctuation">,</span> <span class="hljs-string">"GET"</span><span class="hljs-punctuation">,</span> <span class="hljs-string">"DELETE"</span><span class="hljs-punctuation">,</span> <span class="hljs-string">"HEAD"</span><span class="hljs-punctuation">]</span><span class="hljs-punctuation">,</span>

  <span class="hljs-attr">"AllowedHeaders"</span><span class="hljs-punctuation">:</span> <span class="hljs-punctuation">[</span><span class="hljs-string">"*"</span><span class="hljs-punctuation">]</span><span class="hljs-punctuation">,</span>

  <span class="hljs-attr">"ExposeHeaders"</span><span class="hljs-punctuation">:</span> <span class="hljs-punctuation">[</span><span class="hljs-string">"ETag"</span><span class="hljs-punctuation">]</span><span class="hljs-punctuation">,</span>

  <span class="hljs-attr">"MaxAgeSeconds"</span><span class="hljs-punctuation">:</span> <span class="hljs-number">3600</span>

<span class="hljs-punctuation">}</span>

3. 检查IAM权限策略

确认账号有足够权限

  1. 进入「访问管理」→「策略管理」
  2. 检查关联的策略是否包含COS写入权限,如:
    • 1
      QcloudCOSFullAccess

       (完全访问)

    • 1
      QcloudCOSDataWriteOnly

       (仅写入)

20250628041213483

20250628041239338或创建自定义策略

json


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<span class="hljs-punctuation">{</span>

  <span class="hljs-attr">"version"</span><span class="hljs-punctuation">:</span> <span class="hljs-string">"2.0"</span><span class="hljs-punctuation">,</span>

  <span class="hljs-attr">"statement"</span><span class="hljs-punctuation">:</span> <span class="hljs-punctuation">[</span>

    <span class="hljs-punctuation">{</span>

      <span class="hljs-attr">"effect"</span><span class="hljs-punctuation">:</span> <span class="hljs-string">"allow"</span><span class="hljs-punctuation">,</span>

      <span class="hljs-attr">"action"</span><span class="hljs-punctuation">:</span> <span class="hljs-punctuation">[</span>

        <span class="hljs-string">"cos:PutObject"</span><span class="hljs-punctuation">,</span>

        <span class="hljs-string">"cos:PostObject"</span><span class="hljs-punctuation">,</span>

        <span class="hljs-string">"cos:InitiateMultipartUpload"</span><span class="hljs-punctuation">,</span>

        <span class="hljs-string">"cos:ListMultipartUploads"</span><span class="hljs-punctuation">,</span>

        <span class="hljs-string">"cos:ListParts"</span><span class="hljs-punctuation">,</span>

        <span class="hljs-string">"cos:UploadPart"</span><span class="hljs-punctuation">,</span>

        <span class="hljs-string">"cos:CompleteMultipartUpload"</span>

      <span class="hljs-punctuation">]</span><span class="hljs-punctuation">,</span>

      <span class="hljs-attr">"resource"</span><span class="hljs-punctuation">:</span> <span class="hljs-punctuation">[</span>

        <span class="hljs-string">"qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*"</span>

      <span class="hljs-punctuation">]</span>

    <span class="hljs-punctuation">}</span>

  <span class="hljs-punctuation">]</span>

<span class="hljs-punctuation">}</span>

4. 检查请求参数

验证上传代码

确保上传请求包含所有必要参数:

javascript


1
2
3
4
5
6
7
8
cos.<span class="hljs-title function_">putObject</span>({

  <span class="hljs-title class_">Bucket</span>: <span class="hljs-string">'examplebucket-1250000000'</span>,

  <span class="hljs-title class_">Region</span>: <span class="hljs-string">'ap-guangzhou'</span>,

  <span class="hljs-title class_">Key</span>: <span class="hljs-string">'exampleobject'</span>,

  <span class="hljs-title class_">Body</span>: file,

}, <span class="hljs-keyword">function</span>(<span class="hljs-params">err, data</span>) {

  <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">log</span>(err || data);

});

常见参数问题

  • Bucket名称格式
    1
    examplebucket-1250000000

     (必须包含APPID)

  • Region匹配:确保与存储桶创建时选择的区域一致
  • Key命名规范:不能以斜杠开头

5. 临时访问凭证(推荐生产环境使用)

使用临时密钥更安全

javascript


1
2
3
4
5
6
7
8
9
10
11
12
13
14
<span class="hljs-comment">// 从服务器获取临时密钥</span>

<span class="hljs-keyword">const</span> credentials = <span class="hljs-keyword">await</span> <span class="hljs-title function_">getTempCredential</span>(); 



<span class="hljs-keyword">const</span> cos = <span class="hljs-keyword">new</span> <span class="hljs-title function_">COS</span>({

  <span class="hljs-attr">getAuthorization</span>: <span class="hljs-keyword">function</span>(<span class="hljs-params">options, callback</span>) {

    <span class="hljs-title function_">callback</span>({

      <span class="hljs-title class_">TmpSecretId</span>: credentials.<span class="hljs-property">tmpSecretId</span>,

      <span class="hljs-title class_">TmpSecretKey</span>: credentials.<span class="hljs-property">tmpSecretKey</span>,

      <span class="hljs-title class_">SecurityToken</span>: credentials.<span class="hljs-property">sessionToken</span>,

      <span class="hljs-title class_">StartTime</span>: credentials.<span class="hljs-property">startTime</span>,

      <span class="hljs-title class_">ExpiredTime</span>: credentials.<span class="hljs-property">expiredTime</span>,

    });

  }

});

6. 调试和日志

开启SDK调试日志

javascript


1
2
3
4
<span class="hljs-keyword">const</span> cos = <span class="hljs-keyword">new</span> <span class="hljs-title function_">COS</span>({

  <span class="hljs-comment">// ...其他配置</span>

  <span class="hljs-title class_">Logger</span>: <span class="hljs-variable language_">console</span>, <span class="hljs-comment">// 打印调试日志</span>

});

检查腾讯云返回的完整错误

javascript


1
2
3
4
5
cos.<span class="hljs-title function_">putObject</span>({<span class="hljs-comment">/*...*/</span>}, <span class="hljs-keyword">function</span>(<span class="hljs-params">err, data</span>) {

  <span class="hljs-keyword">if</span> (err) {

    <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">error</span>(<span class="hljs-string">'完整错误信息:'</span>, err);

  }

});

7. 其他可能原因

  1. 存储桶不存在:确认Bucket名称拼写正确
  2. 网络策略限制:检查安全组/ACL是否阻止请求
  3. 欠费停服:确认账户余额充足
  4. 请求超时:调整SDK超时设置

通过以上步骤系统排查,应该能解决您的"Access Denied"问题。如果仍无法解决,建议提供完整错误日志联系腾讯云技术支持

服务声明: 本网站除正版商用版块可商用外,其他所有发布的源码、软件和资料均为作者提供或网友推荐收集各大资源网站整理而来,仅供功能验证和学习研究使用,您必须在下载后24小时内删除。不得使用于非法商业用途,不得违反国家法律,否则后果自负!一切关于该资源商业行为与本站无关。如果您喜欢该程序,请支持购买正版源码,得到更好的正版服务。如有侵犯你的版权合法权益,请邮件或QQ:3089659733与我们联系处理删除(邮箱:ynzsy@qq.com),本站将立即更正。