拒绝S3存储桶中特定文件夹的特定用户的权限
[英]Deny permission to specific user of specific folder inside S3 bucket
问题描述
In AWS S3, I have one bucket named "Environments" under that I have 4 folders named "sandbox", "staging", "prod1" and "prod2" respectively and the permission of the whole bucket is "public". 
在AWS S3中,我有一个名为“ Environments”的存储桶,在该存储桶中有4个分别名为“ sandbox”,“ staging”,“ prod1”和“ prod2”的文件夹,并且整个存储桶的权限为“ public”。
Now I want to restrict One AWS user named "developer" to write anything into "prod1" and "prod2" folder but it can view them. 现在,我想限制一个名为“ developer”的AWS用户将任何内容写入“ prod1”和“ prod2”文件夹,但它可以查看它们。
Kindly help me out with this 请帮助我
1 个解决方案
解决方案1
0 已采纳 2018-10-09 05:08:38
Create below policy and attach to a user developer 创建以下策略并附加到用户开发人员
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::Environments",
"arn:aws:s3:::Environments/sandbox/*",
"arn:aws:s3:::Environments/staging/*",
]
}
]
}
This policy allows to full permission to folder sandbox and staging, but restrict another folder to user developer 此策略允许对文件夹沙箱和暂存具有完全权限,但将另一个文件夹限制为用户开发人员
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.