Amazon Web Services:设置S3策略以允许putObject和getObject但拒绝listBucket [英] Amazon Web Services : Setting S3 policy to allow putObject and getObject but deny listBucket
本文介绍了Amazon Web Services:设置S3策略以允许putObject和getObject但拒绝listBucket的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在Amazon S3上使用getObject和putObject请求,并在创建访问存储桶的策略时发现,如果我不允许listBucket,则会出现访问被拒绝"错误.
I am using getObject and putObject requests on Amazon S3 and in creating a policy for access to the bucket I discovered that if I don't allow listBucket I get an 'access denied' error.
此问题是listBucket意味着用户可以列出存储桶中的键,并显示 安全威胁.
The problem with this is that listBucket means a user can list the keys in a bucket and this presents a security threat.
是否可以在没有listBucket的情况下允许getObject和putObject? 或有解决方法吗?
Is it possible to allow getObject and putObject without allowing listBucket? or is there a workaround for this?
以下是政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt##",
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::myBucket"
]
},
{
"Sid": "Stmt##",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::myBucket/*"
]
}
]
}
推荐答案
查看全文