[英]S3 Bucket upload restriction based on file name and extension
Please check this JSON code and let me know what is wrong?请检查此 JSON 代码并告诉我有什么问题? All files gets denied.所有文件都被拒绝。 I need code where certain types of files can be uploaded by the users in the console.我需要用户可以在控制台中上传某些类型的文件的代码。
{
"Version": "2012-10-17",
"Id": "Policy1657799010112",
"Statement": [
{
"Sid": "Stmt1657798687256",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer1/Latest/*.gz"
},
{
"Sid": "Stmt1657798734526",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Dollar/*.xlsx"
},
{
"Sid": "Stmt1657798779527",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Unit/*.xlsx"
},
{
"Sid": "Stmt1657798829858",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer3/Latest/*.xlsx"
},
{
"Sid": "Stmt1657798856041",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer4/Latest/*.gz"
},
{
"Sid": "Stmt1657798882635",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer5/Latest/*.gz"
},
{
"Sid": "Stmt1657798905766",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/TY/*.xlsx"
},
{
"Sid": "Stmt1657798926711",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/YA/*.xlsx"
},
{
"Sid": "Stmtdeny1657798687256",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer1/Latest/*.gz"
},
{
"Sid": "Stmtdeny1657798734526",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Dollar/*.xlsx"
},
{
"Sid": "Stmtdeny1657798779527",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Unit/*.xlsx"
},
{
"Sid": "Stmtdeny1657798829858",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer3/Latest/*.xlsx"
},
{
"Sid": "Stmtdeny1657798856041",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer4/Latest/*.gz"
},
{
"Sid": "Stmtdeny1657798882635",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer5/Latest/*.gz"
},
{
"Sid": "Stmtdeny1657798905766",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/TY/*.xlsx"
},
{
"Sid": "Stmtdeny1657798926711",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/YA/*.xlsx"
}
]
} }
Need suggestions on limiting upload based on file name as well, For ex: file name starts with Sales_*.gz , which should allow all files with the file name Sales_14072022.gz etc还需要根据文件名限制上传的建议,例如:文件名以 Sales_*.gz 开头,这应该允许所有文件名为 Sales_14072022.gz 等的文件
Thanks谢谢
I have solved this on my own.我自己解决了这个问题。
{
"Version": "2012-10-17",
"Id": "Policy1657799010112",
"Statement": [{
"Sid": "Stmt1657798687256",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
]
},
{
"Sid": "Stmt1657798687256",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": [
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
"arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
]
}]
}
I used this and only files names based on what i have specified are allowed to be added to the particular folder.我使用了这个,并且只允许将基于我指定的文件名添加到特定文件夹中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.