[英]Setting IAM Policy on AWS S3 Bucket (allow change ACL)
I am just setting up an IAM for an external contractor who will be updating our website which is located in an S3 bucket www.mybucketsite.com
我只是为外部承包商设置 IAM,该承包商将更新我们位于 S3 存储桶
www.mybucketsite.com
I am having trouble trying to allocate them the right permissions which will allow them to change the ACLs on individual files to make them public or private after uploading.我在尝试为他们分配正确的权限时遇到问题,这将允许他们更改单个文件的 ACL,以便在上传后将它们设为公开或私有。
Current IAM Policy is as thus:当前的 IAM 政策如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::www.mybucketsite.com"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:GetObjectAcl",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::www.mybucketsite.com/*"
]
}
]
}
So far, they can see, upload and delete files just fine.到目前为止,他们可以很好地查看、上传和删除文件。 When changing ACL's though, they can see existing ACL settings, but they are getting a 'Permission Denied' error message back when trying to update them.
但是,在更改 ACL 时,他们可以看到现有的 ACL 设置,但在尝试更新它们时会收到“权限被拒绝”错误消息。
What have I missed out on?我错过了什么?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.