我在当前存储桶上获得了IAM策略,该存储桶将列出所有存储桶并允许完全访问S3帐户内的指定存储桶。问题是,我现在要限制上传到指定存储桶内的特定文件夹。有没有办法做到这一点,并指定只能上传到顶级文件夹,而不是列出政策中的特定文件夹?这就是我目前所拥有的:
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::MYBUCKETNAME",
"Condition": {}
},
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectAclVersion"
],
"Resource": "arn:aws:s3:::MYBUCKETNAME/*",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
}
]
}