How to restrict the S3 buckets listing in the Visual Studio AWS explorer

I am setting up the AWS toolkit in Visual Studio. I have created an IAM user which will be used for development.

But for the IAM user I have configured, I am seeing that it cannot see the S3 buckets in the explorer. It gives "Access denied".

This is the custom role assigned to the IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListing",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::dev-buckets"
        },
        {
            "Sid": "AllowReadWriteDel",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::dev-buckets/*"
        }
    ]
}

The only way I can get it working is by adding the "AmazonS3FullAccess" policy to the IAM user. But then it exposes all the buckets in the account, not just the buckets meant for the developers.

Is it possible to do this using a custom policy? I am a beginner.

You cannot list only specific buckets when trying to list buckets.

I think the following policy should help you out:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::dev-buckets",
                "arn:aws:s3:::dev-buckets/*"
            ]
        }
    ]
}
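To see why the first policy gets "Access denied" in the explorer while the second one works, here is an added example (not from the question or answer above) with a simplified IAM evaluator run over constructed copies of both policies: the explorer's bucket list is the account-level action s3:ListAllMyBuckets, evaluated against the resource "*", so it can never be granted per bucket, which is why every bucket name becomes visible while object access in other buckets stays denied. Note that the answer's second statement grants "s3:*" on dev-buckets, which is broader than the three explicit actions in the original policy; the evaluator accepts either form.

```python
import fnmatch

# Constructed copies of the two policies discussed on the page (sample input for this example).
QUESTION_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::dev-buckets"},
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::dev-buckets/*"},
]}
ANSWER_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
     "Resource": "arn:aws:s3:::*"},
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::dev-buckets", "arn:aws:s3:::dev-buckets/*"]},
]}

def _as_list(value):
    # "Action" and "Resource" may be a single string or a list in a policy document.
    return value if isinstance(value, list) else [value]

def _action_matches(pattern, action):
    # IAM action names are matched case-insensitively; "*" and "?" are wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def _resource_matches(pattern, resource):
    # Resource ARNs are matched case-sensitively with the same wildcards.
    return fnmatch.fnmatchcase(resource, pattern)

def is_allowed(policy, action, resource):
    """Simplified identity-policy evaluation: implicit deny unless an Allow
    statement matches both action and resource; an explicit Deny always wins."""
    allowed = False
    for stmt in policy["Statement"]:
        hit = (any(_action_matches(p, action) for p in _as_list(stmt["Action"]))
               and any(_resource_matches(p, resource) for p in _as_list(stmt["Resource"])))
        if not hit:
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def explorer_can_list_buckets(policy):
    # The explorer's bucket list is s3:ListAllMyBuckets, which IAM evaluates
    # against the account-wide resource "*", never against one bucket's ARN.
    return is_allowed(policy, "s3:ListAllMyBuckets", "arn:aws:s3:::*")

if __name__ == "__main__":
    for name, policy in (("question", QUESTION_POLICY), ("answer", ANSWER_POLICY)):
        print(name, "policy can list buckets:", explorer_can_list_buckets(policy))
    # Bucket names become visible, but objects outside dev-buckets stay denied.
    print("answer policy allows GetObject on another bucket:",
          is_allowed(ANSWER_POLICY, "s3:GetObject", "arn:aws:s3:::prod-data/secret.txt"))
```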
