实施S3标准存储类的策略 [英] Policy enforcing S3 standard storage class

问题描述

是否有一种方法可以定义S3存储桶策略以实施标准存储类?我想防止用户创建冗余存储类减少的对象.

Is there a way to define a S3 bucket policy to enforce standard storage class? I want to prevent users from creating objects with reduced redundancy storage class.

推荐答案

您现在可以在S3存储桶策略中使用条件，以将S3对象的创建(使用PutObject)限制为特定的存储类.

You can now use a condition in an S3 bucket policy to constrain the creation of S3 objects (using PutObject) to specific storage classes.

AWS文档的当前版本有一个示例-

The current version of the AWS documentation has an example - Restrict object uploads to objects with a specific storage class.

假设帐户A拥有存储桶，并且帐户管理员希望限制帐户A中的用户Dave仅能够将对象上载到将与STANDARD_IA存储类一起存储的存储桶.帐户A管理员可以使用s3:x-amz-storage-class条件键来完成此操作，如以下示例存储桶策略所示.

Suppose Account A owns a bucket and the account administrator wants to restrict Dave, a user in Account A, to be able to only upload objects to the bucket that will be stored with the STANDARD_IA storage class. The Account A administrator can accomplish this by using the s3:x-amz-storage-class condition key as shown in the following example bucket policy.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "statement1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::AccountA-ID:user/Dave"
      },
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::examplebucket/*"
      ],
      "Condition": {
        "StringEquals": {
          "s3:x-amz-storage-class": [
            "STANDARD_IA"
          ]
        }
      }
    }
  ]
}

Principal和Resource的值将特定于您的用户和S3存储桶. Condition约束将需要更改为STANDARD.

Your values for Principal and Resource would be specific to your users and S3 bucket(s). The Condition constraint would need to change to STANDARD.

这篇关于实施S3标准存储类的策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！