我需要一个Amazon S3用户完全访问权限，单个桶 [英] I need an Amazon S3 user with full access to a single bucket

问题描述

我有一个用户foo具有下列权限（它不属于任何团体的成员）：

I have a user foo with the following privileges (it's not a member of any group):

{
  "Statement": [
    {
      "Sid": "Stmt1308813201865",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bar"
    }
  ]
}

这是用户。然而，似乎无法上传或做更多的事情，直到我同意完全访问身份验证的用户（这可能适用于任何人）。这仍然没有让用户变更许可作为博托的时候，它会做的做了一个上传后，引发错误 key.set_acl（公共阅读'）。

That user however seem unable to upload or do much of anything until I grant full access to authenticated users (which might apply to anyone). This still doesn't let the user change permission as boto is throwing an error after an upload when it tries to do do key.set_acl('public-read').

理论上讲，该用户将拥有完全访问栏斗，没有别的，我究竟做错了什么？

Ideally this user would have full access to the bar bucket and nothing else, what am I doing wrong?

推荐答案

您需要授予 S3：ListBucket 许可桶本身。试试下面的政策。

You need to grant s3:ListBucket permission to the bucket itself. Try the policy below.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "S3:*",
      "Resource": "arn:aws:s3:::bar/*",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::bar",
      "Condition": {}
    }
  ]
}

这篇关于我需要一个Amazon S3用户完全访问权限，单个桶的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！