我需要一个对单个存储桶具有完全访问权限的 Amazon S3 用户 [英] I need an Amazon S3 user with full access to a single bucket

查看:39
本文介绍了我需要一个对单个存储桶具有完全访问权限的 Amazon S3 用户的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个用户 foo 具有以下权限(它不是任何组的成员):

I have a user foo with the following privileges (it's not a member of any group):

{
  "Statement": [
    {
      "Sid": "Stmt1308813201865",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bar"
    }
  ]
}

但是,在我向经过身份验证的用户授予完全访问权限之前,该用户似乎无法上传或执行任何操作(这可能适用于任何人).这仍然不会让用户更改权限为 在上传后尝试执行 key.set_acl('public-read') 时抛出错误.

That user however seem unable to upload or do much of anything until I grant full access to authenticated users (which might apply to anyone). This still doesn't let the user change permission as boto is throwing an error after an upload when it tries to do do key.set_acl('public-read').

理想情况下,该用户将拥有对 bar 存储桶的完全访问权限,而没有其他任何权限,我做错了什么?

Ideally this user would have full access to the bar bucket and nothing else, what am I doing wrong?

推荐答案

您需要向存储桶本身授予 s3:ListBucket 权限.试试下面的政策.

You need to grant s3:ListBucket permission to the bucket itself. Try the policy below.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "S3:*",
      "Resource": "arn:aws:s3:::bar/*",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::bar",
      "Condition": {}
    }
  ]
}

这篇关于我需要一个对单个存储桶具有完全访问权限的 Amazon S3 用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆