[英]S3 bucket policy: allow full access to a bucket and all its objects
I would like a bucket policy that allows access to all objects in the bucket, and to do operations on the bucket itself like listing objects.我想要一个允许访问存储桶中所有对象的存储桶策略,并对存储桶本身进行操作,如列出对象。 (Action is
s3:*
.) (动作是
s3:*
。)
I was able to solve this by using two distinct resource names: one for arn:aws:s3:::examplebucket/*
and one for arn:aws:s3:::examplebucket
.我能够通过使用两个不同的资源名称来解决这个问题:一个用于
arn:aws:s3:::examplebucket/*
,一个用于arn:aws:s3:::examplebucket
。
Is there a better way to do this - is there a way to specify a resource identifier that refers to the bucket itself and all its contained objects, in one shot?有没有更好的方法来做到这一点 - 有没有一种方法可以一次性指定一个引用存储桶本身及其所有包含对象的资源标识符?
Permissions against the Bucket are separate to permissions against Objects within the Bucket. 针对存储桶的权限与针对存储桶内的对象的权限是分开的。 Therefore, you must grant permissions to both.
因此,您必须同时授予这两个权限。
Fortunately, you can write a shorter version to combine bucket-level and object-level permissions: 幸运的是,您可以编写一个较短的版本来结合存储桶级和对象级权限:
{
"Id": "BucketPolicy",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllAccess",
"Action": "s3:*",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::my-bucket/*"
],
"Principal": "*"
}
]
}
AWS has updated how it lets you enter Bucket Policy on the permissions page. AWS 更新了它允许您在权限页面上输入存储桶策略的方式。 I used the provided UI layer to add Action and resources.
我使用提供的 UI 层来添加 Action 和资源。 Use the below-mentioned policy and change the resource according to your bucket
使用下面提到的策略并根据您的存储桶更改资源
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "your_arn/*"
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.