简体繁体 English

AWS S3存储桶策略，允许从我的实例进行只读访问

[英]AWS S3 Bucket Policy to allow read-only access from my instances

原文 2016-02-25 18:08:36 4 3 amazon-web-services/ amazon-s3/ amazon-iam

Is it possible to create an S3 bucket policy that allows read-only access from my EC2 instances? 是否可以创建一个S3存储桶策略，以允许从我的EC2实例进行只读访问？ I tried a bunch of things, but I can't figure out what to use for the principal. 我尝试了很多事情，但是我不知道要为校长使用什么。

3 个解决方案

The principal will be the role. 主体将是角色。

ie: arn:aws:iam::accountnumber:role/rolename 即：arn：aws：iam :: accountnumber：role / rolename

This post describes how to do it: 这篇文章介绍了如何做到这一点：

http://www.tothenew.com/blog/role-based-s3-access-from-a-specific-ec2-instance/ http://www.tothenew.com/blog/role-based-s3-access-from-a-specific-ec2-instance/

just ignore the part about the IP address since you won't need it. 只需忽略IP地址部分，因为您将不需要它。

您应该为实例分配一个角色，该角色允许访问S3存储桶。

The issue is that: 问题是：

You need both the role itself and the assumed-role in your not_principals clause 您需要在not_principals子句中同时使用角色本身和假定角色
wildcards are not allowed in principal specifications 主体规范中不允许使用通配符

This explains how to use userid instead: 这说明了如何使用用户标识：

https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/ https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/

AWS S3 Bucket Policy允许从aws机器学习中进行读/写访问 - AWS S3 Bucket Policy to allow read/write access from aws machine learning

允许访问 Cognito 用户的 AWS S3 存储桶策略 - AWS S3 bucket policy to allow access to Cognito users

AWS S3存储桶策略-仅在前缀内允许GetObject - AWS S3 Bucket Policy - Allow GetObject only within a prefix

仅允许小写文件的 AWS S3 存储桶策略 - AWS S3 Bucket Policy to allow only lowercase files

AWS IAM策略：如何更改AWSLambdaFullAccess策略以仅允许访问一个S3存储桶？ - AWS IAM Policies: How do I alter the AWSLambdaFullAccess policy to only allow access to one S3 bucket?

Amazon S3存储桶策略允许访问仅特定的http - Amazon S3 bucket policy allow access to ONLY specific http

S3 策略允许写入存储桶但不允许从中读取，这可能吗？ - S3 policy to allow to write to a bucket but not to read from it, is it possible?

仅为1个S3存储桶创建AWS访问策略 - Create AWS Access Policy to Only 1 S3 Bucket

允许 S3 访问 AWS 控制台中当前经过身份验证的用户的 S3 存储桶策略？ - S3 Bucket Policy to allow S3 Access to Current Authenicated user in AWS Console?

如何使用 AWS amplify 从只读 AWS S3 Bucket 安全地将图像下载到 iOS 应用程序？ - How to securely download images from read-only AWS S3 Bucket to an iOS app using AWS amplify?

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS S3 Bucket Policy允许从aws机器学习中进行读/写访问 - AWS S3 Bucket Policy to allow read/write access from aws machine learning 允许访问 Cognito 用户的 AWS S3 存储桶策略 - AWS S3 bucket policy to allow access to Cognito users AWS S3存储桶策略-仅在前缀内允许GetObject - AWS S3 Bucket Policy - Allow GetObject only within a prefix 仅允许小写文件的 AWS S3 存储桶策略 - AWS S3 Bucket Policy to allow only lowercase files AWS IAM策略：如何更改AWSLambdaFullAccess策略以仅允许访问一个S3存储桶？ - AWS IAM Policies: How do I alter the AWSLambdaFullAccess policy to only allow access to one S3 bucket? Amazon S3存储桶策略允许访问仅特定的http - Amazon S3 bucket policy allow access to ONLY specific http S3 策略允许写入存储桶但不允许从中读取，这可能吗？ - S3 policy to allow to write to a bucket but not to read from it, is it possible? 仅为1个S3存储桶创建AWS访问策略 - Create AWS Access Policy to Only 1 S3 Bucket 允许 S3 访问 AWS 控制台中当前经过身份验证的用户的 S3 存储桶策略？ - S3 Bucket Policy to allow S3 Access to Current Authenicated user in AWS Console? 如何使用 AWS amplify 从只读 AWS S3 Bucket 安全地将图像下载到 iOS 应用程序？ - How to securely download images from read-only AWS S3 Bucket to an iOS app using AWS amplify?

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM