[英]Amazon IAM permissions limit S3FullAccess permission to one bucket
I am new to Amazon IAM permissions. 我是Amazon IAM权限的新手。 I created a group, added some users and then added a Policy, the one I found that suited me the most is called AmazonS3FullAccess
policy, but I want to grant the group full access permission only to one of my buckets, not to all of them, how can I do that? 我创建了一个组,添加了一些用户,然后添加了一个策略,我发现最适合我的策略称为AmazonS3FullAccess
策略,但我想仅向我的一个存储桶(而不是对所有存储桶)授予该组完全访问权限, 我怎样才能做到这一点?
I assume AmazonS3FullAccess
looks like this: 我假设AmazonS3FullAccess
看起来像这样:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "*"
}
]
}
In IAM Policies, things like buckets are identified by the element " Resource ." 在IAM策略中,诸如存储桶之类的内容由元素“ Resource ”标识。 You might notice the policy above specifies the resource as the wildcard character *
. 您可能会注意到上面的策略将资源指定为通配符*
。 This means that the policy above applies to all S3 resources. 这意味着以上策略适用于所有S3资源。
You can limit the policy to a single S3 bucket by specifying the ARN of the bucket you wish to use: 您可以通过指定要使用的存储桶的ARN将策略限制为单个S3存储桶:
"Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME"
Related: 有关:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.