AWS S3 | 允许被授权者仅从存储桶下载对象
[英]AWS S3 | Allow grantee to ONLY download objects from the bucket
问题描述
It is possible to allow grantee to ONLY download objects from the AWS S3 bucket?
是否可以允许被授权者仅从 AWS S3 存储桶下载对象? They should not be able to upload any documents in the bucket.他们应该无法上传存储桶中的任何文档。 If it is possible what bucket permissions should we assign to grantee?如果可能的话,我们应该将哪些存储桶权限分配给被授权者? I tried searching this over the web but couldn't find any relevant links.我尝试在 web 上搜索此内容,但找不到任何相关链接。 Thanks in advance!提前致谢!
1 个解决方案
解决方案1
1 2021-01-17 10:09:49
You can use following URL to generate the required policy.您可以使用以下 URL 生成所需的策略。
https://awspolicygen.s3.amazonaws.com/policygen.html https://awspolicygen.s3.amazonaws.com/policygen.html
Select Type of Policy: S3 Bucket Policy Select 策略类型: S3 存储桶策略
Effect: Check Allow效果:勾选允许
Principal: * (Which means for every one)校长:*(这意味着每个人)
Actions: GetObject动作: GetObject
Amazon Resource Name (ARN): ARN should follow the following format: arn:aws:s3:::<bucket_name>/<key_name>. Amazon 资源名称 (ARN): ARN 应遵循以下格式:arn:aws:s3:::<bucket_name>/<key_name>。 Use a comma to separate multiple values.使用逗号分隔多个值。
Press Add statement and in step 3 you will be able to generate required policy.按添加语句,在第 3 步中,您将能够生成所需的策略。
Below is a sample policy.下面是一个示例策略。
{
"Id": "PolicyID",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1610823452352355758",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::sample-resource-name/*",
"Principal": "*"
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.