实施S3标准存储类的策略 [英] Policy enforcing S3 standard storage class
问题描述
是否有一种方法可以定义S3存储桶策略以实施标准存储类?我想防止用户创建冗余存储类减少的对象.
Is there a way to define a S3 bucket policy to enforce standard storage class? I want to prevent users from creating objects with reduced redundancy storage class.
推荐答案
您现在可以在S3存储桶策略中使用条件,以将S3对象的创建(使用PutObject
)限制为特定的存储类.
You can now use a condition in an S3 bucket policy to constrain the creation of S3 objects (using PutObject
) to specific storage classes.
The current version of the AWS documentation has an example - Restrict object uploads to objects with a specific storage class.
假设帐户A拥有存储桶,并且帐户管理员希望限制帐户A中的用户Dave仅能够将对象上载到将与
STANDARD_IA
存储类一起存储的存储桶.帐户A管理员可以使用s3:x-amz-storage-class
条件键来完成此操作,如以下示例存储桶策略所示.
Suppose Account A owns a bucket and the account administrator wants to restrict Dave, a user in Account A, to be able to only upload objects to the bucket that will be stored with the
STANDARD_IA
storage class. The Account A administrator can accomplish this by using thes3:x-amz-storage-class
condition key as shown in the following example bucket policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "statement1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::AccountA-ID:user/Dave"
},
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::examplebucket/*"
],
"Condition": {
"StringEquals": {
"s3:x-amz-storage-class": [
"STANDARD_IA"
]
}
}
}
]
}
Principal
和Resource
的值将特定于您的用户和S3存储桶. Condition
约束将需要更改为STANDARD
.
Your values for Principal
and Resource
would be specific to your users and S3 bucket(s). The Condition
constraint would need to change to STANDARD
.
这篇关于实施S3标准存储类的策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!