AWS 将策略设置为特定的 S3 存储桶文件夹
AWS set policy to specific S3 bucket folder
我有这个政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::static.MYURL.com",
"arn:aws:s3:::static.MYURL.com/images/carousel/*"
]
}
]
}
并且当前该策略下的用户可以 List static.MYURL.com 存储桶中的所有对象。
如何限制只能看到 static.MYURL.com/images/carousel/ 下的对象?
我只希望用户可以列出、删除、获取和读取该文件夹中的对象
请参考AWS的以下文档;
或
或
您可以使用AWS Policy Generator
是的,您可以查看@amitd 提供的一些有用链接。这是一份有望满足您需求的政策示例:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::static.MYURL.com",
"arn:aws:s3:::static.MYURL.com/images/carousel/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::static.MYURL.com"
],
"Condition": {
"StringLike": {
"s3:prefix": [
"images/carousel/*"
]
}
}
}
]
}
我有这个政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::static.MYURL.com",
"arn:aws:s3:::static.MYURL.com/images/carousel/*"
]
}
]
}
并且当前该策略下的用户可以 List static.MYURL.com 存储桶中的所有对象。
如何限制只能看到 static.MYURL.com/images/carousel/ 下的对象?
我只希望用户可以列出、删除、获取和读取该文件夹中的对象
请参考AWS的以下文档;
或
或
您可以使用AWS Policy Generator
是的,您可以查看@amitd 提供的一些有用链接。这是一份有望满足您需求的政策示例:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::static.MYURL.com",
"arn:aws:s3:::static.MYURL.com/images/carousel/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::static.MYURL.com"
],
"Condition": {
"StringLike": {
"s3:prefix": [
"images/carousel/*"
]
}
}
}
]
}