堆栈内存溢出
  简体   繁体   English

aws s3 存储桶策略

[英]aws s3 bucket policy

 原文  2016-01-08 10:08:33       amazon-web-services/ amazon-s3/ policy

问题描述

I have created a simple policy to access a specific bucket for a authenticated(access key/password )user.我创建了一个简单的策略来访问经过身份验证的(访问密钥/密码)用户的特定存储桶。 Following is policy以下是政策

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::xxxxxxx/*"
            ]
        }
    ]
}

But user cannot able to access it.但用户无法访问它。 if i replace Resource with "arn:aws:s3:::*", it works but show all buckets to attached user.如果我用“arn:aws:s3:::*”替换资源,它可以工作,但会向附加用户显示所有存储桶。

3 个解决方案

解决方案1
 4 已采纳  2016-01-08 10:43:42

Try this instead: 尝试以下方法: 

{
  "Statement": [
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::xxxxxxx",
        "arn:aws:s3:::xxxxxxx/*"
      ]
    }
  ]
}

You need to grant access within the bucket (the /*) and then to the bucket itself, which is the part you are missing. 您需要在存储桶(/ *)中授予访问权限,然后再对存储桶本身授予访问权限,这是您缺少的部分。

解决方案2
 3  2016-01-08 11:01:47

As EJ Brennan suggested you can add the bucket itself to Resource list but that would give the user the right to delete the bucket itself. 正如EJ Brennan所建议的那样,您可以将存储桶本身添加到“资源”列表中,但这将使用户有权删除存储桶本身。 If you just want them to view the bucket and be able to modify the objects inside it, you can grant list access to the bucket in addition to what you currently have like this: 如果只希望他们查看存储桶并能够修改其中的对象,则除了当前具有的功能外,还可以授予对存储桶的列表访问权限: 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::xxxxxxx"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::xxxxxxx/*"
            ]
        }
    ]
}

解决方案3
 0  2022-08-25 05:29:36

I Nodejs you can do that like:我是 Nodejs,你可以这样做:

const policy = {
  Version: '2012-10-17',
  Statement: [
    {
      Sid: 'PublicListGet',
      Effect: 'Allow',
      Principal: '*',
      Action: ['s3:List*', 's3:Get*', 's3:Put*'],
      Resource: [`arn:aws:s3:::${bucketName}`, `arn:aws:s3:::${bucketName}/*`]
    }
  ]
};

const bucketPolicyParams = {
  Bucket: bucketName,
  Policy: JSON.stringify(policy)
};

await s3.putBucketPolicy(bucketPolicyParams).promise();

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS S3存储桶策略 - AWS S3 bucket policy AWS S3:特定存储桶的用户策略 - AWS S3: user policy for specifc bucket SOS AWS S3存储桶策略 - SOS AWS S3 Bucket Policy AWS S3存储桶策略安全性 - AWS S3 Bucket Policy security AWS S3存储桶策略访问被拒绝 - AWS S3 Bucket policy Access Denyed 带条件的 AWS S3 存储桶策略 - AWS S3 bucket policy with condition AWS S3存储桶策略未按预期运行 - aws s3 Bucket policy not working as expected AWS S3存储桶策略明确拒绝 - AWS S3 Bucket Policy Explicit Deny AWS S3存储桶策略白名单 - AWS S3 Bucket Policy Whitelist AWS S3 存储桶策略无效 - AWS S3 Bucket Policy is not valid
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM