[英]Restrict user access to Single S3 Bucket using Amazon IAM?
When you work with the team, you might want to restrict an access to a single S3 bucket to specific users. 与团队合作时,您可能希望将对单个S3存储桶的访问限制为特定用户。 How can I achieve this?
我该如何实现?
The following code is not working. 以下代码不起作用。 The user still has full permission.
用户仍然具有完全权限。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::Privatebacket",
"arn:aws:s3:::Privatebacket/*"
]
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::YOUR-BUCKET",
"arn:aws:s3:::YOUR-BUCKET/*"
]
}
]
}
https://www.serverkaka.com/2018/05/grant-access-to-only-one-s3-bucket-to-aws-user.html https://www.serverkaka.com/2018/05/grant-access-to-only-one-s3-bucket-to-aws-user.html
Try the below mentioned link. 试试下面提到的链接。 You can grant user specific folder permissions using IAM policies.
您可以使用IAM策略授予用户特定的文件夹权限。
https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/ https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/
You can add an inline policy for that IAM user. 您可以为该IAM用户添加内联策略。 You can set a 'deny' policy to that specific s3 bucket.
您可以为特定的s3存储桶设置“拒绝”策略。
Policy Document: 政策文件:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1497522841000",
"Effect": "Deny",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::mjzone-private"
]
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.