堆栈内存溢出
  简体   繁体   English

允许 IAM 用户访问 AWS S3 Bucket 中的特定文件夹以查看和上传对象

[英]Allow IAM user to access specific folder in AWS S3 Bucket to view and upload objects

 原文  2022-03-22 05:31:32       amazon-web-services/ amazon-s3/ amazon-iam

问题描述

I have multiple s3 buckets, i need to allow one s3 bucket folder access to IAM user to upload and view objects.我有多个 s3 存储桶,我需要允许一个 s3 存储桶文件夹访问 IAM 用户以上传和查看对象。 can some one assist me how to do this.有人可以帮助我如何做到这一点。

1 个解决方案

解决方案1
 0  2022-03-22 05:58:41

If you wish to grant specific IAM User(s) access to particular folders within an Amazon S3 bucket, you can create an IAM Policy and attach it to the user.如果您希望授予特定 IAM 用户访问 Amazon S3 存储桶中特定文件夹的权限,您可以创建 IAM 策略并将其附加到用户。

From User policy examples - Amazon Simple Storage Service :来自用户政策示例 - 亚马逊简单存储服务

To grant each user access only to his or her folder, you can write a policy for each user and attach it individually.要仅授予每个用户访问他或她的文件夹的权限,您可以为每个用户编写策略并单独附加。 For example, you can attach the following policy to user Alice to allow her specific Amazon S3 permissions on the awsexamplebucket1/Alice folder.例如,您可以将以下策略附加到用户 Alice 以允许她对awsexamplebucket1/Alice文件夹具有特定的 Amazon S3 权限。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::awsexamplebucket1/Alice/*"
        },
        {
            "Sid": "AllowListBucketOfASpecificUserPrefix",
            "Action": "s3:ListBucket",
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::awsexamplebucket1",
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "Alice/*"
                    ]
                }
            }
        }
    ]
}

If you want to do this for multiple users , the easiest way is to create a single policy and attach it to an IAM Group , the put the users in the group.如果您想为多个用户执行此操作,最简单的方法是创建一个策略并将其附加到 IAM 组,将用户放入组中。 This policy will grant them access to a folder with the same name as their username:此策略将授予他们访问与其用户名同名的文件夹的权限:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::awsexamplebucket1/${aws:username}/*"
        },
        {
            "Sid": "AllowListBucketOfASpecificUserPrefix",
            "Action": "s3:ListBucket",
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::awsexamplebucket1",
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "${aws:username}/*"
                    ]
                }
            }
        },
    ]
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 基于用户标签确定 S3 Bucket 访问的 IAM 策略 - IAM Policy to determine S3 Bucket access based on user tags 允许访问 Cognito 用户的 AWS S3 存储桶策略 - AWS S3 bucket policy to allow access to Cognito users 允许 S3 访问同一账户中特定 IAM 角色的 IAM 策略 - IAM policy to allow S3 access to specific IAM role in the same account 仅授予特定用户对 S3 存储桶的访问权限,无公共访问权限 - Grant access to an S3 bucket for a specific user only, no public access AWS Lambda 从 S3 存储桶中的特定文件夹中删除所有内容 - AWS Lambda to delete everything from a specific folder in an S3 bucket AWS S3 存储桶策略拒绝除一个 IAM 用户以外的所有人? - AWS S3 bucket policy to deny everything to everyone except for one IAM user? 用户明智地限制访问 s3 存储桶媒体 URL (AWS) - User wise restricted access of s3 bucket media URL (AWS) 访问 S3 存储桶中的选择性文件夹 visa AWS Transfer User - Access selective folders in S3 bucket visa AWS Transfer User S3 存储桶策略:允许完全访问存储桶及其所有对象 - S3 bucket policy: allow full access to a bucket and all its objects 授予客户 AWS 访问我的 AWS 特定 s3 存储桶的权限? - Giving customer AWS access to my AWS's specific s3 bucket?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM