S3存储桶访问
[英]S3 bucket access
问题描述
I am trying to give single S3 bucket access to different user without listing all the buckets, Hence I didnot use list all my buckets policy. 
我试图将单个S3存储桶授予不同用户访问权限,而不列出所有存储桶,因此我没有使用列出所有存储桶策略。 The buckets contains different folders inside folders, when I am trying to list the contents in the folder through its shows nothing 这些存储桶在文件夹内包含不同的文件夹,当我尝试通过其不显示任何内容列出文件夹中的内容时
The policy I am using 我正在使用的政策
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListBucket",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::abcd”
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::abcd”
},
{
"Sid": "AddDeleteFiles",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::abcd”
},
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::abcd/*”
}
]
}
output of s3cmd ls [s3://abcd/aa] -acess denied s3cmd ls [s3:// abcd / aa]的输出-访问被拒绝
1 个解决方案
解决方案1
0 2015-06-25 23:15:40
Did you configure your s3cmd with the right aws_access_key_id and aws_secret_access_key ? 您是否使用正确的aws_access_key_id和aws_secret_access_key配置了s3cmd?
s3cmd --configure
basically creates a ~/.s3cfg command with the right parameters. 基本上是创建带有正确参数的〜/ .s3cfg命令。
Also on Principal you need to specify your account id. 同样在Principal上,您需要指定您的帐户ID。 For example: 例如:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddCannedAcl",
"Effect":"Allow",
"Principal": {"AWS": ["arn:aws:iam::111122223333:root","arn:aws:iam::444455556666:root"]},
"Action":["s3:PutObject","s3:PutObjectAcl"],
"Resource":["arn:aws:s3:::examplebucket/*"],
"Condition":{"StringEquals":{"s3:x-amz-acl":["public-read"]}}
}
]
}
You'll have to make sure what your are putting in a bucket policy or IAM policy, as they are not interchangeable. 您必须确保存储桶策略或IAM策略中包含哪些内容,因为它们是不可互换的。 You can have both but you have to make sure each one is the correct for the type of policy 您可以同时拥有两者,但必须确保每一项都是正确的保单类型
Hope it helps. 希望能帮助到你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.