堆栈内存溢出
  简体   繁体   English

允许用户访问S3存储桶中的一个目录

[英]Allow user access to one directory in a S3 Bucket

 原文  2017-07-05 20:00:51       amazon-web-services/ amazon-s3

问题描述

I searched through existing questions and couldnt find an answer. 我搜索了现有问题,找不到答案。

I want to restrict access to one directory S3 bucket to some user. 我想限制某些用户对一个目录S3存储桶的访问。 For example, I have the directory my-bucket/test/123. 例如,我的目录为my-bucket / test / 123。 I put a few images to this directory. 我在此目录中放置了一些图像。 Other users should not have access to this directory. 其他用户不应具有对此目录的访问权限。 Then I created Bucket policy: 然后我创建了存储桶策略: 

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "AddPerm",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::123456789000:user/some-user"
        },
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::my-bucket/test/123/*"
    }
]
}

But when I tried to open file in browser, I recieved "Access Denied" message. 但是,当我尝试在浏览器中打开文件时,收到“访问被拒绝”消息。

I tried to use Deny effect and NotPrincipal . 我试图使用Deny effect和NotPrincipal In this case, the files are available to other users. 在这种情况下,其他用户可以使用这些文件。 Please help! 请帮忙!

1 个解决方案

解决方案1
 0 已采纳  2017-07-05 21:54:04

You also need bucket listing permissions on the root prefix (folder) as described in this AWS doc Writing IAM Policies: Grant Access to User-Specific Folders in an Amazon S3 Bucket : 您还需要按照本AWS文档编写IAM策略:授予对Amazon S3存储桶中用户特定文件夹的访问权限中所述的对根前缀(文件夹)的存储桶列表权限:

Although David should have access to only his home folder, he requires additional permissions so that he can navigate to his folder in the Amazon S3 console. 尽管David只能访问其主文件夹,但他需要其他权限,以便他可以导航到Amazon S3控制台中的文件夹。 David needs permission to list objects at the root level of the my-company bucket and in the home/ folder. David需要获得权限才能在my-company存储桶的根级别和home /文件夹中列出对象。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 允许IAM用户访问单个s3存储桶 - Allow IAM user to access single s3 bucket AWS S3允许Cognito用户访问存储桶前缀 - aws s3 allow access to bucket prefix for cognito user 允许外部用户(通过 Cognito)访问 S3 存储桶和控制台 - Allow an external user (through Cognito) to access a S3 bucket and console 允许用户仅上传到一个 S3 存储桶 - Allow User to Only Upload to one S3 Bucket 即使用户拥有完整的S3权限,AWS S3存储桶策略也将阻止访问除一个目录之外的所有目录 - AWS S3 Bucket Policy to block access to all but one directory, even if user has full S3 permissions 允许用户池中的 Cognito 用户访问 S3 存储桶的存储桶策略 - Bucket policy to allow Cognito user in User Pool access to S3 bucket 允许 S3 访问 AWS 控制台中当前经过身份验证的用户的 S3 存储桶策略? - S3 Bucket Policy to allow S3 Access to Current Authenicated user in AWS Console? 仅向一位 IAM 用户授予对 Amazon S3 存储桶的访问权限 - Grant access to Amazon S3 bucket only to one IAM User 允许用户访问特定 S3 存储桶以进行备份的 AWS IAM 策略 - AWS IAM Policy to allow user access to specific S3 bucket for backup 允许 IAM 用户访问 AWS S3 Bucket 中的特定文件夹以查看和上传对象 - Allow IAM user to access specific folder in AWS S3 Bucket to view and upload objects
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM