堆栈内存溢出
  简体   繁体   English

Amazon IAM权限将S3FullAccess权限限制为一个存储桶

[英]Amazon IAM permissions limit S3FullAccess permission to one bucket

 原文  2015-12-05 00:45:03       amazon-web-services/ amazon-s3/ amazon-iam

问题描述

I am new to Amazon IAM permissions. 我是Amazon IAM权限的新手。 I created a group, added some users and then added a Policy, the one I found that suited me the most is called AmazonS3FullAccess policy, but I want to grant the group full access permission only to one of my buckets, not to all of them, how can I do that? 我创建了一个组,添加了一些用户,然后添加了一个策略,我发现最适合我的策略称为AmazonS3FullAccess策略,但我想仅向我的一个存储桶(而不是对所有存储桶)授予该组完全访问权限, 我怎样才能做到这一点?

1 个解决方案

解决方案1
 2 已采纳  2015-12-05 01:03:46

I assume AmazonS3FullAccess looks like this: 我假设AmazonS3FullAccess看起来像这样: 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}

In IAM Policies, things like buckets are identified by the element " Resource ." 在IAM策略中,诸如存储桶之类的内容由元素“ Resource ”标识。 You might notice the policy above specifies the resource as the wildcard character * . 您可能会注意到上面的策略将资源指定为通配符* This means that the policy above applies to all S3 resources. 这意味着以上策略适用于所有S3资源。

You can limit the policy to a single S3 bucket by specifying the ARN of the bucket you wish to use: 您可以通过指定要使用的存储桶的ARN将策略限制为单个S3存储桶: 

"Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME"

Related: 有关:

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Amazon IAM权限仅列出一个存储桶 - Amazon IAM permissions list only one bucket AWS IAM对ONE S3中的GetObjects权限不起作用 - AWS IAM Permissions for GetObjects in ONE S3 Bucket not working 仅向一位 IAM 用户授予对 Amazon S3 存储桶的访问权限 - Grant access to Amazon S3 bucket only to one IAM User S3存储桶的基本AWS IAM权限 - Basic AWS IAM permissions for an S3 bucket 如何设置权限,以便IAM可以使用C#上传到Amazon S3存储桶? - How do I set permissions so an IAM can upload to an Amazon S3 bucket in C#? 如何为IAM用户设置Amazon S3存储桶权限? - How can I set up Amazon S3 bucket permission to an IAM user? IAM 用户 S3 权限和 S3 中的 Bucket 权限哪个先执行? - IAM User S3 permission and Bucket permission in S3 which one will execute first? 对S3存储桶的IAM策略的权限被拒绝 - Permission denied for IAM policy to S3 bucket 为什么S3权限可以同时由IAM策略和存储桶策略管理,而不是仅由一个或另一个管理? - Why can S3 permissions be managed by both IAM Policies and Bucket Policies, instead of just one or the other? 即使 S3 资源是公开的,托管 Web 应用程序的 EC2 实例是否需要任何角色(如 s3fullaccess)? - Does an EC2 instance hosting a web app require any role ( like s3fullaccess) even when the S3 resouce is public?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM