Bucket policy to prevent bucket delete


Problem description

I am looking for a bucket policy which allows only the root account user and the bucket creator to delete the bucket, something like below. Please suggest. How to restrict to only the bucket creator and root?

{
    "Version": "2012-10-17",
    "Id": "PutObjBucketPolicy",
    "Statement": [
        {
            "Sid": "AllowRootBucketDelete",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::xxxxxxx:root"
            },
            "Action": "s3:DeleteBucket",
            "Resource": "arn:aws:s3:::test-bucket-s3"
        },
        {
            "Sid": "PreventBucketDelete",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:DeleteBucket",
            "Resource": "arn:aws:s3:::test-bucket-s3"
        }
    ]
}

Recommended answer

There are 2 different types of permission in S3.

  1. Resource-based policies
  2. User policies

So bucket policies and access control lists (ACLs) are part of the resource-based type and are attached to the bucket.

If all users are in the same AWS account, you can consider a user policy, which is attached to a user or role.

If you are dealing with multiple AWS accounts, bucket policies or ACLs are better.

The only difference is that bucket policies allow you to grant or deny access and apply to all objects in the bucket.

ACLs grant basic read or write permissions and can't add conditional checks.
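The answer's two points about bucket policies (they can Deny as well as Allow, and unlike ACLs they can carry conditions) decide whether the draft in the question works. The following is an added illustration, not code from the question or the answer: a small model of how a bucket policy is evaluated for s3:DeleteBucket, applying the IAM rule that an explicit Deny overrides any Allow. The account id 111122223333 and the user ARNs are constructed placeholders; the "fixed" policy uses the real aws:PrincipalArn condition key with ArnNotEquals to exempt root and the creator from a single Deny.

```python
"""Minimal model of bucket-policy evaluation for s3:DeleteBucket.

Added example, not from the original question or answer. Account id and
principal ARNs are constructed placeholders.
"""

BUCKET_ARN = "arn:aws:s3:::test-bucket-s3"
ROOT = "arn:aws:iam::111122223333:root"                 # placeholder account
CREATOR = "arn:aws:iam::111122223333:user/bucket-creator"  # placeholder user
OTHER = "arn:aws:iam::111122223333:user/someone-else"      # placeholder user

# The draft from the question: an Allow for root plus a Deny for everyone.
DRAFT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowRootBucketDelete", "Effect": "Allow",
         "Principal": {"AWS": ROOT},
         "Action": "s3:DeleteBucket", "Resource": BUCKET_ARN},
        {"Sid": "PreventBucketDelete", "Effect": "Deny",
         "Principal": "*",
         "Action": "s3:DeleteBucket", "Resource": BUCKET_ARN},
    ],
}

# One Deny whose exception is expressed as a condition on the caller's ARN,
# which is the kind of conditional check an ACL cannot express.
FIXED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyDeleteExceptRootAndCreator", "Effect": "Deny",
         "Principal": "*",
         "Action": "s3:DeleteBucket", "Resource": BUCKET_ARN,
         "Condition": {"ArnNotEquals": {"aws:PrincipalArn": [ROOT, CREATOR]}}},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(spec, caller_arn):
    """'*' matches any caller; {'AWS': ...} matches the listed ARNs exactly."""
    if spec == "*":
        return True
    if isinstance(spec, dict):
        return caller_arn in _as_list(spec.get("AWS", []))
    return False


def _condition_holds(condition, caller_arn):
    """Supports (Arn|String)(Not)Equals on aws:PrincipalArn; others are rejected."""
    if not condition:
        return True
    for operator, pairs in condition.items():
        for key, values in pairs.items():
            if key != "aws:PrincipalArn":
                raise NotImplementedError(f"unsupported condition key {key}")
            listed = caller_arn in _as_list(values)
            if operator in ("ArnNotEquals", "StringNotEquals") and listed:
                return False
            if operator in ("ArnEquals", "StringEquals") and not listed:
                return False
            if operator not in ("ArnNotEquals", "StringNotEquals",
                                "ArnEquals", "StringEquals"):
                raise NotImplementedError(f"unsupported operator {operator}")
    return True


def evaluate(policy, caller_arn, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one call against the policy."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if action not in _as_list(stmt["Action"]):
            continue
        if resource not in _as_list(stmt["Resource"]):
            continue
        if not _principal_matches(stmt["Principal"], caller_arn):
            continue
        if not _condition_holds(stmt.get("Condition"), caller_arn):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny wins, whatever order the statements are in
        decision = "Allow"
    return decision


def who_can_delete(policy):
    """Decision for each of the three sample callers on s3:DeleteBucket."""
    return {arn: evaluate(policy, arn, "s3:DeleteBucket", BUCKET_ARN)
            for arn in (ROOT, CREATOR, OTHER)}


if __name__ == "__main__":
    for name, policy in (("draft", DRAFT_POLICY), ("fixed", FIXED_POLICY)):
        print(name, who_can_delete(policy))
```

Running it shows that the draft denies everyone, root included, because the Deny for `*` overrides the Allow. The fixed policy only denies; root and the creator come back as ImplicitDeny from the bucket policy, meaning the creator still needs an Allow for s3:DeleteBucket from a user policy (the second permission type in the answer), while the account root user needs none.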

