S3存储桶策略-使用“任何经过身份验证的用户”还是存储桶策略?
[英]S3 Bucket Policy - use “Any Authenticated User” or bucket policy?
问题描述
I've set up an S3 bucket and an IAM user who has full access to the bucket. 
我已经设置了一个S3存储桶和一个对存储桶具有完全访问权限的IAM用户。
Im confused about how to restrict access to the bucket so only this user and cloud front can access it. 我对如何限制对存储桶的访问感到困惑,因此只有该用户和云前端可以访问它。 The cloud front policy was auto generated for me in the cloudfront control pannel. Cloud Front策略是在CloudFront控制面板中为我自动生成的。
But as for allowing only my IAM user access, do I: 但是关于仅允许我的IAM用户访问,我是否:
Allow "Any Authenticated User", does this refer to my IAM user or to any AWS user in general?
允许“任何经过身份验证的用户”,这是我的IAM用户还是一般的任何AWS用户? Or do I need to amend the bucket policy?
还是我需要修改存储桶政策?
1 个解决方案
解决方案1
2 已采纳 2016-11-11 17:21:09
Any Authenticated User means any user that has an Amazon AWS Account. Any Authenticated User是指拥有Amazon AWS账户的任何用户。
You may want to attach a policy to the IAM user and not deal with bucket policy. 您可能想将策略附加到IAM用户,而不处理存储桶策略。 Or add a bucket policy to allow only that IAM user. 或添加存储桶策略以仅允许该IAM用户。 Examples for both are in: IAM Policies and Bucket Policies 两者的示例在: IAM策略和存储桶策略
Sample S3 Bucket Policy S3存储桶策略样本
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": ["arn:aws:iam::111122223333:user/Alice",
"arn:aws:iam::111122223333:root"]
},
"Action": "s3:*",
"Resource": ["arn:aws:s3:::my_bucket",
"arn:aws:s3:::my_bucket/*"]
}
]
}
Sample IAM Policy IAM政策示例
{
"Version": "2012-10-17",
"Statement":[{
"Effect": "Allow",
"Action": "s3:*",
"Resource": ["arn:aws:s3:::my_bucket",
"arn:aws:s3:::my_bucket/*"]
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.