AWS S3 存储桶策略 - 特定“文件夹"的只读访问权限 [英] AWS S3 Bucket Policy - Read only access for specific "folder"
本文介绍了AWS S3 存储桶策略 - 特定“文件夹"的只读访问权限的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我试图将其中一个 IAM 用户的访问权限限制为 S3 存储桶中的文件夹".我以为我已经正确配置了它,但读取访问似乎不起作用.
I am trying to limit access for one of the IAM users to a "folder" within an S3 bucket. I thought I had this configured correctly, but the read access does not appear to be working.
{
"Sid": "TEST_PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi-abc123"
},
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketByTags",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts"
],
"Resource":
"arn:aws:s3:::testbucket-securitytest/timeline/*"
}
有什么我遗漏的吗?有时会延迟进行这些更改还是应该立即更改?
Is there something I am missing? Is there sometimes a delay in making these changes or should it be instant?
推荐答案
我想我想我必须先允许 ListBucket 访问,然后添加 Action 以仅允许该文件夹"的 GetObject.:) --- 只需要更彻底地阅读文档
I think I figured it out I had to allow ListBucket access first and then add the Action to allow only GetObject for that "folder". :) --- Just need to read the documentation a little more thoroughly
{
"Sid": "TEST_ListItems",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::testbucket"
},
{
"Sid": "TEST_PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::testbucket/Timeline/*"
}`
这篇关于AWS S3 存储桶策略 - 特定“文件夹"的只读访问权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文