创建单个IAM用户以仅访问特定的S3存储桶 [英] Create a single IAM user to access only specific S3 bucket

问题描述

我的AWS账户中有很多S3存储桶.但是现在我创建了一个IAM用户和一个新的S3存储桶，我希望使该用户能够使用Cyber​​Duck之类的客户端访问新的S3存储桶.

I have many S3 buckets in my AWS account. But now I created an IAM user and a new S3 bucket, I would like to give this user the ability to access the new S3 bucket using a client like CyberDuck.

我试图制定许多政策.但是在那之后，该用户也获得了列出我所有其他存储桶的权限.如何授予对单个S3存储桶的列表访问权限和写入权限?

I tried to create so many policies. But after that this user getting permission to list all my other buckets also. How can I give access to listing and writing access to a single S3 bucket?

推荐答案

首先，创建一个策略以允许访问单个S3存储桶(IAM->策略->创建策略).您可以使用AWS Policy Generator( http://awspolicygen.s3.amazonaws.com/policygen.html )，它应该看起来像这样:

First you create a Policy to allow access to a single S3 bucket (IAM -> Policies -> Create Policy). You can use AWS Policy Generator (http://awspolicygen.s3.amazonaws.com/policygen.html), it should look something like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1528735049406",
      "Action": [
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:HeadBucket",
        "s3:ListBucket",
        "s3:ListObjects",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::YOURBUCKETNAME"
    }
  ]
}

保存该策略并记下您为其指定的名称，然后转到IAM-> Users并选择所需的用户.在权限标签中，点击添加权限"，然后选择顶部附近的直接附加现有策略".通过名称来找到您的策略，选中其复选框并完成过程.

Save the policy and note the name you gave to it, then go to IAM -> Users and select the desired user. In the permissions tab, click 'Add permissions', then select 'Attach existing policies directly' near the top. Find your policy by its name, tick its checkbox and complete the process.

这篇关于创建单个IAM用户以仅访问特定的S3存储桶的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！