IAM策略列出S3存储内的特定文件夹的用户 [英] IAM Policy to list specific folders inside a S3 bucket for an user
本文介绍了IAM策略列出S3存储内的特定文件夹的用户的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我下面的键斗下的 demo.for.customers
demo.for.customers/customer1/
demo.for.customers/customer2/
现在我有2个客户,即的customer1 和的customer2 。这就是我想要的:
Now I have 2 customers namely customer1 and customer2. This is what I want:
- 授予他们只能访问的 demo.for.customers 桶。
- 的customer1应该能够访问仅
demo.for.customers /的customer1 /
和应该的customer2能够访问仅demo.for.customers / customer2表/
。
- Grant them access to only demo.for.customers bucket.
- customer1 should be able to access only
demo.for.customers/customer1/
and customer2 should be able to access onlydemo.for.customers/customer2/
.
和我能够用下面的政策(我创造的政策为每一个客户,所以我贴一个只为的customer1下文。)我已经定义了这一政策IAM而不是在S3来实现这一点。
And I am able to achieve this with below policy ( I am creating policy for each customer. Hence I am pasting the one only for customer1 below.) I have defined this policy in IAM and not in S3.
{
"Version":"2012-10-17",
"Statement": [
{
"Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::*"]
},
{
"Action": ["s3:ListBucket"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::demo.for.customers"],
"Condition":{"StringEquals":{"s3:prefix":["","customer1/"],"s3:delimiter":["/"]}}
},
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::demo.for.customers/customer1/*"]
}
]
}
问题:
- 的customer1能够看到我所有的桶,尽管他不能访问它们。我不想这样。他应该能看到的只有 demo.for.customers
- 的customer1能够看到
demo.for.customers / customer2表
以及他虽然不能访问它。这是非常不能接受的,因为我不希望他甚至看到我这下斗什么其他的客户文件夹。
- Customer1 is able to see all my bucket although he can't access any of them . I don't want this. He should be able to see only demo.for.customers
- Customer1 is able to see
demo.for.customers/customer2
as well although he can't access it. THis is highly unacceptable as I don't want him to even see what other customer folders I have under this bucket.
问题:
- 在做大量的谷歌搜索后,我才知道,也没有办法为列表中选择特定水桶。这是真的吗?
- 不过,我必须找到一种方法为只列出特定的文件夹一桶水给定用户里面。那怎么办?
- After doing a lot of googling, I came to know that there is no way to list specific buckets. Is this really true?
- However, I have to find a way to list only specific folders inside a bucket for a given user. How to do that?
感谢。
推荐答案
关于你的问题:
- 不幸的是没有办法只列出某些桶。如果目的只是以允许访问所述一个已知的桶,我会删除的第一个语句完全,因为它不增加任何值(桶是已知的,并且不会需要列)。
- 您可以显示code使用的是列出桶含量?基于你在这里已经证明了我所期望的customer1只能够列出的桶含量在他们的preFIX根和无处。
关于你的问题:
- 是的,有没有办法将某些存储桶。这份名单桶API是一个全有或全无操作。
- 这是由preFIX完成。您使用的是什么语言?我们有一个使用令牌自动贩卖机,以每用户访问提供到了AWS移动软件开发工具包样品S3斗。
这篇关于IAM策略列出S3存储内的特定文件夹的用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文