[英]Limiting access to AWS S3 with policy is not working as expected
I have a user group which we use for one of our environments in AWS. 我有一个用户组,可用于AWS中的一种环境。 We are trying to limit access of that group only to specific S3 bucket.
我们正在尝试将该组的访问权限限制为仅特定的S3存储桶。
So, I created a policy as follows: 因此,我创建了如下策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::staging"
}
]
}
If I use AWS policy simulator, all shows as expected (at least looks like it). 如果我使用AWS策略模拟器,则所有显示均符合预期(至少看起来像它一样)。 But, through the app, that uses the API key of a user in this group I am getting access denied when I upload a file.
但是,通过该应用程序使用该组中用户的API密钥,我上载文件时访问被拒绝。
What am I doing wrong? 我究竟做错了什么?
This gives the same result 这给出了相同的结果
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion"
],
"Resource": [
"arn:aws:s3:::staffila-staging",
"arn:aws:s3:::staffila-staging/*"
]
}
]
}
Use this policy this will work. 使用此策略将起作用。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::staging"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion"
],
"Resource": ["arn:aws:s3:::staging/*"]
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.