堆栈内存溢出
  简体   繁体   English

基于文件名和扩展名的 S3 存储桶上传限制

[英]S3 Bucket upload restriction based on file name and extension

 原文  2022-07-14 12:31:09       amazon-web-services/ amazon-s3/ amazon-iam/ aws-policies/ aws-permissions

问题描述

Please check this JSON code and let me know what is wrong?请检查此 JSON 代码并告诉我有什么问题? All files gets denied.所有文件都被拒绝。 I need code where certain types of files can be uploaded by the users in the console.我需要用户可以在控制台中上传某些类型的文件的代码。

{
"Version": "2012-10-17",
"Id": "Policy1657799010112",
"Statement": [
    {
        "Sid": "Stmt1657798687256",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer1/Latest/*.gz"
    },
    {
        "Sid": "Stmt1657798734526",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Dollar/*.xlsx"
    },
    {
        "Sid": "Stmt1657798779527",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Unit/*.xlsx"
    },
    {
        "Sid": "Stmt1657798829858",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer3/Latest/*.xlsx"
    },
    {
        "Sid": "Stmt1657798856041",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer4/Latest/*.gz"
    },
    {
        "Sid": "Stmt1657798882635",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer5/Latest/*.gz"
    },
    {
        "Sid": "Stmt1657798905766",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/TY/*.xlsx"
    },
    {
        "Sid": "Stmt1657798926711",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/YA/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798687256",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer1/Latest/*.gz"
    },
    {
        "Sid": "Stmtdeny1657798734526",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Dollar/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798779527",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Unit/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798829858",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer3/Latest/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798856041",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer4/Latest/*.gz"
    },
    {
        "Sid": "Stmtdeny1657798882635",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer5/Latest/*.gz"
    },
    {
        "Sid": "Stmtdeny1657798905766",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/TY/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798926711",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/YA/*.xlsx"
    }
]

} }

Need suggestions on limiting upload based on file name as well, For ex: file name starts with Sales_*.gz , which should allow all files with the file name Sales_14072022.gz etc还需要根据文件名限制上传的建议,例如:文件名以 Sales_*.gz 开头,这应该允许所有文件名为 Sales_14072022.gz 等的文件

Thanks谢谢

1 个解决方案

解决方案1
 0 已采纳  2022-07-18 12:48:42

I have solved this on my own.我自己解决了这个问题。

{
    "Version": "2012-10-17",
    "Id": "Policy1657799010112",
    "Statement": [{
        "Sid": "Stmt1657798687256",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": [
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
        ]
    },
    {
        "Sid": "Stmt1657798687256",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": [
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
        ]
    }]
}

I used this and only files names based on what i have specified are allowed to be added to the particular folder.我使用了这个,并且只允许将基于我指定的文件名添加到特定文件夹中。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 S3 Bucket Key 名称是否需要文件扩展名? - Does S3 Bucket Key name require file extension? 如何将文件上传到 s3(使用 Python),其中 s3 存储桶名称的名称中有斜杠“/” - How to upload a file into s3 (using Python) where the s3 bucket name has a slash '/' in the name 使用存储桶策略限制 S3 存储桶访问 - S3 bucket access restriction with bucket policy 在 S3 存储桶中搜索文件扩展名和大小 - Search S3 bucket for file extension and size 如何将文件上传到AWS S3 Bucket? - How to upload a file to AWS S3 Bucket? 无法将文件上传到S3存储桶 - Unable to upload file to S3 bucket 将文件从 url 上传到 s3 存储桶 - upload file from url to s3 bucket 程序文件上传到AWS S3存储桶 - Programmatic file upload to AWS S3 bucket Django S3 存储桶文件上传 - Django S3 Bucket File Upload AWS CodePiplene 未将文件上传到 S3 存储桶 - AWS CodePiplene not upload file to the S3 bucket
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM