
S3 Bucket upload restriction based on file name and extension

Please check this JSON bucket policy and let me know what is wrong with it. All files get denied. I need a policy under which certain types of files can be uploaded by users in the console.

{
"Version": "2012-10-17",
"Id": "Policy1657799010112",
"Statement": [
    {
        "Sid": "Stmt1657798687256",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer1/Latest/*.gz"
    },
    {
        "Sid": "Stmt1657798734526",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Dollar/*.xlsx"
    },
    {
        "Sid": "Stmt1657798779527",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Unit/*.xlsx"
    },
    {
        "Sid": "Stmt1657798829858",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer3/Latest/*.xlsx"
    },
    {
        "Sid": "Stmt1657798856041",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer4/Latest/*.gz"
    },
    {
        "Sid": "Stmt1657798882635",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer5/Latest/*.gz"
    },
    {
        "Sid": "Stmt1657798905766",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/TY/*.xlsx"
    },
    {
        "Sid": "Stmt1657798926711",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/YA/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798687256",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer1/Latest/*.gz"
    },
    {
        "Sid": "Stmtdeny1657798734526",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Dollar/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798779527",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer2/Latest/Unit/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798829858",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer3/Latest/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798856041",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer4/Latest/*.gz"
    },
    {
        "Sid": "Stmtdeny1657798882635",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer5/Latest/*.gz"
    },
    {
        "Sid": "Stmtdeny1657798905766",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/TY/*.xlsx"
    },
    {
        "Sid": "Stmtdeny1657798926711",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": "arn:aws:s3:::testbucketforuploadlimitation/Retailer6/Latest/YA/*.xlsx"
    }
]

}

I also need suggestions on limiting uploads based on the file name. For example, a pattern such as Sales_*.gz should allow every file whose name starts with Sales_, such as Sales_14072022.gz.

Thanks

I have solved this on my own.

{
    "Version": "2012-10-17",
    "Id": "Policy1657799010112",
    "Statement": [{
        "Sid": "Stmt1657798687256",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": [
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
        ]
    },
    {
        "Sid": "Stmt1657798687256",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "NotResource": [
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
            "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
        ]
    }]
}

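I used this policy, and now only files whose names match the patterns I specified can be added to each folder. The change that matters is that all of the allowed patterns are listed in the NotResource of a single Deny statement. In the original policy each Deny statement had its own NotResource, so any upload matched at most one pattern and was denied by the other statements, because an explicit Deny overrides any Allow.

Note that the Allow statement with "Principal": "*" grants s3:PutObject on those keys to any caller, including unauthenticated ones, unless the bucket's Block Public Access settings prevent it; if only known users should upload, name those principals in the Allow and keep the Deny as the guard rail. The patterns match the object key only, not the file's content, and * in a resource ARN also matches "/", so a pattern such as Start*.gz covers keys with further path segments as well. Both statements above also reuse the same Sid; Sid values are meant to be unique within a policy.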
