Auth0 and AWS Policy

Question

My web app is using Auth0 and AWS(Delegation token) to access to some resources in S3.

I have the following directory structure in a bucket named testinfo -Directory1 - Subdirectory11 - Subdirectory11 -Directory2 - Subdirectory21 -Directory3

I have the following Policy for S3 Buckets. { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1423804993000", "Effect": "Allow", "Action": [ "s3: " ], "Resource": [ "arn:aws:s3:::testinfo/Directory1", "arn:aws:s3:::testinfo/Directory1/ " ] } ] }

And I have the following javascript code to show the contents of the bucket

var getTokenPromise = auth.getToken({api: 'aws', role: "xyz", principal: "xyz"});
getTokenPromise.then(function (value) {
    console.log('delegation: ' + value);
    bucket = new AWS.S3({params: {Bucket: 'testinfo'}});
    bucket.config.credentials =new AWS.Credentials('x','y','z');
    bucket.listObjects({}, function (err, data) {
        if (err)
            alert(err);
        var files = [];
        for (var i in data.Contents) {
            //show files
        }
    });
}, function (reason) {
    console.log('failed: ' + reason);

});

According to the policy, only the contents of Directory1 show be shown. Unfortunately I got an Access Denied Exception. May someone give a hand to solve this problem?

Cheers

Answer 1

您可以尝试在目录中添加通配符，如下所示：

"arn:aws:s3:::testinfo/Directory1/*"