![](/img/trans.png)
[英]Giving an IAM user, permission to a specific folder of a bucket in AWS S3
[英]Deny permission to specific user of specific folder inside S3 bucket
在AWS S3中,我有一個名為“ Environments”的存儲桶,在該存儲桶中有4個分別名為“ sandbox”,“ staging”,“ prod1”和“ prod2”的文件夾,並且整個存儲桶的權限為“ public”。
現在,我想限制一個名為“ developer”的AWS用戶將任何內容寫入“ prod1”和“ prod2”文件夾,但它可以查看它們。
請幫助我
創建以下策略並附加到用戶開發人員
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::Environments",
"arn:aws:s3:::Environments/sandbox/*",
"arn:aws:s3:::Environments/staging/*",
]
}
]
}
此策略允許對文件夾沙箱和暫存具有完全權限,但將另一個文件夾限制為用戶開發人員
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.