指定访问多个s3存储桶的正确IAM权限

时间:2018-01-11 10:19:14

标签: amazon-web-services amazon-s3 amazon-iam

我试图为用户提供对某些存储桶的读/写/列表权限,我的IAM策略是:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::kl-bucket1",
                "arn:aws:s3:::kl-bucket2",
                "arn:aws:s3:::kl-bucket3",
                "arn:aws:s3:::kl-bucket4"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::kl-bucket3",
                "arn:aws:s3:::kl-bucket4"
            ]
        }
    ]
}

当我尝试写入bucket4时,我收到403错误,但是如果我给出如下所示的完全权限,那么我可以写入bucket4。 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}

可能是什么问题?

P.S。虽然此问题类似于S3: How to grant access to multiple buckets?,但实际问题却不同。

1 个答案:

答案 0 :(得分:0)

问题是我还在PutObject之后设置了Access控件,而IAM策略正在设置该权限 @Asarluhi的答案有所帮助 已将操作修改为:

"Action": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:PutObjectAcl"
        ],
相关问题
最新问题