AWS。如何设置文件夹的Permisson PutObject,而不是整个容器?

时间:2018-06-12 16:58:09

标签: amazon-web-services aws-iam

关于AWS-MediaStore服务。

尝试在用户端添加策略:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSElementalMediaStoreGetAccess",
            "Effect": "Allow",
            "Action": "mediastore:GetObject",
            "Resource": "*"
        }
    ]
}

对于容器方:

{
  "Version" : "2012-10-17",
  "Statement" : [ {
    "Sid" : "MediaStorePostToSpecificPath",
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : "arn:aws:iam::CENSORED:root"
    },
    "Action" : "mediastore:PutObject",
    "Resource" : "arn:aws:mediastore:eu-central-1:CENSORED:container/test/path1/*",
    "Condition" : {
      "Bool" : {
        "aws:SecureTransport" : "true"
      }
    }
  } ]
}

但是帖子Path1告诉我拒绝访问。 是否可以设置可以将PutObject for User提供到已定义文件夹的策略?

1 个答案:

答案 0 :(得分:0)

Dunno为什么,但经过几次尝试后,此配置开始正常工作: 用户:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSElementalMediaStore",
            "Effect": "Allow",
            "Action": [
                "mediastore:GetObject"
            ],
            "Resource": "*"
        }
    ]
}

容器:

{
  "Version" : "2012-10-17",
  "Statement" : [ {
    "Sid" : "MediaStoreAccess",
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : "arn:aws:iam::CENSORED:user/bot"
    },
    "Action" : "mediastore:PutObject",
    "Resource" : "arn:aws:mediastore:eu-central-1:CENSORED:container/test/path1/*",
    "Condition" : {
      "Bool" : {
        "aws:SecureTransport" : "true"
      }
    }
  } ]
}

现在,用户bot只能将文件放在path1文件夹中。可能是我遇到了这个问题,因为政策适用不那么快......

相关问题
最新问题