AWS S3 存储桶策略 - 特定“文件夹”的只读访问权限
[英]AWS S3 Bucket Policy - Read only access for specific “folder”
问题描述
I am trying to limit access for one of the IAM users to a "folder" within an S3 bucket.
我正在尝试将其中一位 IAM 用户的访问权限限制为 S3 存储桶中的“文件夹”。 I thought I had this configured correctly, but the read access does not appear to be working.我以为我已经正确配置了这个,但是读取访问似乎不起作用。
{
"Sid": "TEST_PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi-abc123"
},
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketByTags",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts"
],
"Resource":
"arn:aws:s3:::testbucket-securitytest/timeline/*"
}
Is there something I am missing?有什么我想念的吗? Is there sometimes a delay in making these changes or should it be instant?进行这些更改有时会延迟还是应该立即进行?
1 个解决方案
解决方案1
0 2020-05-07 22:58:26
I think I figured it out I had to allow ListBucket access first and then add the Action to allow only GetObject for that "folder".我想我发现我必须首先允许 ListBucket 访问,然后添加 Action 以仅允许 GetObject 用于该“文件夹”。 :) --- Just need to read the documentation a little more thoroughly :) --- 只需要更彻底地阅读文档
{
"Sid": "TEST_ListItems",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::testbucket"
},
{
"Sid": "TEST_PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::testbucket/Timeline/*"
}`
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.