我正在尝试通过Bucket策略将Amazon S3连接到其他服务。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {"arn:aws:iam::ACCOUNT-ID:user/augmen",
}
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject"
],
"Resource": ["arn:aws:s3:::rajatv.input",
"arn:aws:s3:::rajatv.input/*"]
}
]
}
仍有错误:
答案 0 :(得分:2)
您似乎想要为特定的IAM用户提供存取桶访问权限。如果是这样,最好的方法是在IAM用户上设置策略,以便权限仅适用于他们。
此策略会向任何将其作为IAM策略的用户授予存储桶访问权限。要添加它,请转到用户添加内联政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PermitBucketAccess",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::rajatv.input",
"arn:aws:s3:::rajatv.input/*"
]
}
]
}
应用于存储桶本身的存储桶策略最好用于授予对所有人的访问权限,而IAM策略最适合授予对特定IAM用户,组和角色的权限。
答案 1 :(得分:1)
校长需要采用以下格式:
"Principal": {"AWS": ["arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:root"]},