AWS S3 存儲桶策略 - 特定“文件夾”的只讀訪問權限
[英]AWS S3 Bucket Policy - Read only access for specific “folder”
問題描述
我正在嘗試將其中一位 IAM 用戶的訪問權限限制為 S3 存儲桶中的“文件夾”。 我以為我已經正確配置了這個,但是讀取訪問似乎不起作用。
{
"Sid": "TEST_PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi-abc123"
},
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketByTags",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts"
],
"Resource":
"arn:aws:s3:::testbucket-securitytest/timeline/*"
}
有什么我想念的嗎? 進行這些更改有時會延遲還是應該立即進行?
1 個解決方案
解決方案1
0 2020-05-07 22:58:26
我想我發現我必須首先允許 ListBucket 訪問,然后添加 Action 以僅允許 GetObject 用於該“文件夾”。 :) --- 只需要更徹底地閱讀文檔
{
"Sid": "TEST_ListItems",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::testbucket"
},
{
"Sid": "TEST_PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::testbucket/Timeline/*"
}`
我想阻止對S3存儲桶的公共訪問,但是授予對其對象的只讀訪問權限
[英]I want to block public access to my S3 bucket, but give read only access to its object
S3 復制:拒絕訪問:Amazon S3 無法檢測是否在目標存儲桶上啟用了版本控制
[英]S3 replication: Access denied: Amazon S3 can't detect whether versioning is enabled on the destination bucket
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.