![](/img/trans.png)
[英]Giving an IAM user, permission to a specific folder of a bucket in AWS S3
[英]Deny permission to specific user of specific folder inside S3 bucket
在AWS S3中,我有一个名为“ Environments”的存储桶,在该存储桶中有4个分别名为“ sandbox”,“ staging”,“ prod1”和“ prod2”的文件夹,并且整个存储桶的权限为“ public”。
现在,我想限制一个名为“ developer”的AWS用户将任何内容写入“ prod1”和“ prod2”文件夹,但它可以查看它们。
请帮助我
创建以下策略并附加到用户开发人员
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::Environments",
"arn:aws:s3:::Environments/sandbox/*",
"arn:aws:s3:::Environments/staging/*",
]
}
]
}
此策略允许对文件夹沙箱和暂存具有完全权限,但将另一个文件夹限制为用户开发人员
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.