
How to update an Amazon S3 Bucket Policy via the AWS CLI?

I have a requirement to add a new line "arn:aws:sts::1262767:assumed-role/EC2-support-services" to an Amazon S3 bucket policy.

Something like this:

Before:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AddCannedAcl",
      "Effect": "Allow",
      "Principal": {"AWS": ["arn:aws:iam::111122223333:root", "arn:aws:iam::444455556666:root"]},
      "Action": ["s3:PutObject", "s3:PutObjectAcl"],
      "Resource": "arn:aws:s3:::awsexamplebucket1/*",
      "Condition": {
        "StringNotLike": {
          "aws:arn": [
            "arn:aws:sts::1262767:assumed-role/GR_COF_AWS_Prod_Support/*"
          ]
        }
      }
    }
  ]
}

After:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AddCannedAcl",
      "Effect": "Allow",
      "Principal": {"AWS": ["arn:aws:iam::111122223333:root", "arn:aws:iam::444455556666:root"]},
      "Action": ["s3:PutObject", "s3:PutObjectAcl"],
      "Resource": "arn:aws:s3:::awsexamplebucket1/*",
      "Condition": {
        "StringNotLike": {
          "aws:arn": [
            "arn:aws:sts::1262767:assumed-role/GR_COF_AWS_Prod_Support/*",
            "arn:aws:sts::1262767:assumed-role/EC2-support-services"
          ]
        }
      }
    }
  ]
}

What is the AWS CLI command I need to use to add this line?

To do this you would need to override the existing bucket policy using the put-bucket-policy command as there is no versioning.

An example of running this would be the command below:

aws s3api put-bucket-policy --bucket MyBucket --policy file://policy.json

By storing the current and new policies as JSON files you can switch between the commands if you need to roll back by updating the filename in the --policy argument.
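The read-modify-write cycle the answer describes, as an added example that is not part of the original question or answer: it fetches the live policy, keeps a rollback copy, appends one value to an existing condition list, and overwrites the policy with `put-bucket-policy`. The function names and the `policy.backup.json` filename are assumptions; the script expects the AWS CLI to be installed and configured, and takes bucket, Sid, condition operator, condition key and new value as arguments.

```python
import copy
import json
import subprocess
import sys


def add_condition_value(policy, sid, operator, key, value):
    """Return a copy of policy with value appended to Condition[operator][key]
    in the statement whose Sid matches. Appending twice changes nothing."""
    updated = copy.deepcopy(policy)
    statements = updated["Statement"]
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = updated["Statement"] = [statements]
    matches = [s for s in statements if s.get("Sid") == sid]
    if len(matches) != 1:
        raise ValueError(f"expected one statement with Sid {sid!r}, found {len(matches)}")
    # KeyError here means the condition does not exist yet; creating one would
    # silently change who the statement applies to, so refuse instead.
    block = matches[0]["Condition"][operator]
    values = block[key]
    if isinstance(values, str):  # a one-element list may be stored as a string
        values = [values]
    if value not in values:
        values = values + [value]
    block[key] = values
    return updated


def aws(*args):
    """Run the AWS CLI and return stdout; raises on a non-zero exit."""
    return subprocess.run(["aws", *args], check=True,
                          capture_output=True, text=True).stdout


def main(bucket, sid, operator, key, value):
    # --query Policy --output text prints the policy document itself as JSON.
    current = json.loads(aws("s3api", "get-bucket-policy", "--bucket", bucket,
                             "--query", "Policy", "--output", "text"))
    with open("policy.backup.json", "w") as f:  # rollback copy (assumed name)
        json.dump(current, f, indent=2)
    with open("policy.json", "w") as f:
        json.dump(add_condition_value(current, sid, operator, key, value), f, indent=2)
    aws("s3api", "put-bucket-policy", "--bucket", bucket,
        "--policy", "file://policy.json")


if __name__ == "__main__":
    main(*sys.argv[1:6])
```

To roll back, run the answer's `put-bucket-policy` command with `file://policy.backup.json`.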
