[英]AWS S3 cross account policy
我想为限制为 VPC-ID(使用 S3 端点)的 S3 存储桶设置策略。 我有两个账户,A 和 B。我想让 A 中的 IAM 用户访问 B 中的存储桶。
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html
{ "Version": "2012-10-17", "Id": "Policy1415115909153", "Statement": [ { "Sid": "Access-to-specific-VPC-only", "Principal": "*", "Action": "s3:*", "Effect": "Deny", "Resource": ["arn:aws:s3:::awsexamplebucket1", "arn:aws:s3:::awsexamplebucket1/*"], "Condition": { "StringNotEquals": { "aws:SourceVpc": "vpc-111bbb22" } } } ] }
以上将不起作用,但以下将:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bucket",
"arn:aws:s3:::bucket/*"
],
"Condition": {
"StringEquals": {
"aws:SourceVpc": "vpc-111111111111"
}
}
}
]
}
感觉最好的做法是使用拒绝策略。 任何人都知道为什么以及如何解决它?
正如所指出的,您也需要允许。 将这两种政策结合起来,它就会起作用。
AWS Datasync S3 -> S3 跨账户,对目标角色/账户感到困惑
[英]AWS Datasync S3 -> S3 cross account, confused about destination role/account
AWS 托管密钥加密的 AWS 跨账户 S3 PutObject 中未找到 KMS 异常
[英]KMS Not found Exception in AWS Cross Account S3 PutObject encrypted by AWS Managed Key
aws s3 bucket 获取 Referrer Policy:strict-origin-when-cross-origin
[英]aws s3 bucket getting Referrer Policy: strict-origin-when-cross-origin
使用默认 aws/S3 KMS 密钥解密 object 的跨账户访问
[英]cross account access for decrypt object with default aws/S3 KMS key
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.