
How to restrict all access to the AWS s3 bucket

I want to restrict an AWS S3 bucket so that it cannot be accessed from anywhere. I want to block all access (public, private, bucket, folder, file, everything) to that bucket. After that, I want to create an S3 access point and then give permission to an IAM user so that only that IAM user can perform all actions, and only that IAM user. I am not sure what exactly I should also enable or disable, such as public access or something else, and I don't know whether I have to give a policy to the bucket or to the access point.

I want to restrict an AWS S3 bucket so that it cannot be accessed from anywhere. I want to block all access (public, private, bucket, folder, file, everything) to that bucket

Use this policy to restrict all access:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAll",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::bucket/*"
    }
  ]
}

then I want to create an S3 access point and then give permission to an IAM user so that only that IAM user can perform all actions, and only that IAM user

Use this policy to restrict all access except for one IAM user:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAllExceptRole",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::bucket/*",
      "Condition": {
        "StringNotEquals": {
          "aws:PrincipalArn": "IAM-ROLE-ARN"
        }
      }
    },
    {
      "Sid": "AllowRole",
      "Effect": "Allow",
      "Principal": { "AWS": "IAM-ROLE-ARN" },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::bucket/*"
    }  
  ]
}
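
An added example, not part of the original answer: a simplified Python model of how the second bucket policy decides a request. It shows that with `Resource` set only to `arn:aws:s3:::bucket/*` the deny covers object actions, while a bucket-level action such as `s3:ListBucket` on `arn:aws:s3:::bucket` matches no statement and is left to the caller's identity policies. The account ID, user ARNs and function names are constructed; the model covers only the policy elements used on this page and is not AWS's evaluation engine.

```python
import fnmatch

# Constructed sample values (assumptions, not from the page).
BUCKET = "arn:aws:s3:::bucket"
ADMIN = "arn:aws:iam::111122223333:user/admin"
OTHER = "arn:aws:iam::111122223333:user/other"

def make_policy(resources):  # the answer's policy, ADMIN as the excepted principal
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "DenyAllExceptRole", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": resources,
         "Condition": {"StringNotEquals": {"aws:PrincipalArn": ADMIN}}},
        {"Sid": "AllowRole", "Effect": "Allow", "Principal": {"AWS": ADMIN},
         "Action": "s3:*", "Resource": resources}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, principal, action, resource):
    p = stmt["Principal"]
    if p != "*" and principal not in _as_list(p.get("AWS", [])):
        return False
    if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    # Only the condition used on this page is modelled.
    excluded = stmt.get("Condition", {}).get("StringNotEquals", {}).get("aws:PrincipalArn")
    return excluded is None or principal not in _as_list(excluded)

def evaluate(policy, principal, action, resource):
    """Return 'Deny', 'Allow' or 'NoMatch' (the bucket policy is silent)."""
    effects = {s["Effect"] for s in policy["Statement"]
               if _matches(s, principal, action, resource)}
    if "Deny" in effects:  # an explicit deny always wins
        return "Deny"
    return "Allow" if "Allow" in effects else "NoMatch"

def demo():
    as_written = make_policy(BUCKET + "/*")         # Resource as on the page
    widened = make_policy([BUCKET, BUCKET + "/*"])  # bucket ARN added
    obj = BUCKET + "/a.txt"
    return {
        "other_get_object": evaluate(as_written, OTHER, "s3:GetObject", obj),
        "admin_get_object": evaluate(as_written, ADMIN, "s3:GetObject", obj),
        "other_list_as_written": evaluate(as_written, OTHER, "s3:ListBucket", BUCKET),
        "other_list_widened": evaluate(widened, OTHER, "s3:ListBucket", BUCKET)}

print(demo())
```

A `NoMatch` result means the bucket policy neither allows nor denies the request, so a same-account principal whose identity policy grants the action would still succeed.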

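Notice: The technical posts on this site are published under the CC BY-SA 4.0 license. If you repost them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.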

 