[英]AWS S3 Bucket Policy - Read only access for specific “folder”
我正在嘗試將其中一位 IAM 用戶的訪問權限限制為 S3 存儲桶中的“文件夾”。 我以為我已經正確配置了這個,但是讀取訪問似乎不起作用。
{
"Sid": "TEST_PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi-abc123"
},
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketByTags",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts"
],
"Resource":
"arn:aws:s3:::testbucket-securitytest/timeline/*"
}
有什么我想念的嗎? 進行這些更改有時會延遲還是應該立即進行?
我想我發現我必須首先允許 ListBucket 訪問,然后添加 Action 以僅允許 GetObject 用於該“文件夾”。 :) --- 只需要更徹底地閱讀文檔
{
"Sid": "TEST_ListItems",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::testbucket"
},
{
"Sid": "TEST_PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::testbucket/Timeline/*"
}`
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.