When uploading to an S3 bucket with the JS SDK, the following policy works:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::foo/*"
      ]
    }
  ]
}

But the more granular and secure one
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::foo/*"
      ]
    }
  ]
}

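does not. Does uploading an object require some additional action permissions?

Answer 0 (score: 1)

Your policy grants permissions on the objects, not on the bucket. This should work: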
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::foo/"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::foo/*"
      ]
    }
  ]
}
Note the difference between the bucket (arn:aws:s3:::foo/) and the objects (arn:aws:s3:::foo/*).
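
As an added example (not part of the original question or answer), this simplified matcher evaluates the question's two policies against a few constructed requests and lists the action and resource pairs each policy leaves uncovered. It assumes Allow statements only (no Deny, Condition or NotAction); the object key and the request list are made up for illustration, and whether an upload actually needs `s3:PutObjectAcl` depends on whether the call sets an ACL.

```javascript
// Added example: simplified matcher for identity-policy Allow statements.
// Not a full IAM evaluator: Deny, Condition, NotAction/NotResource are ignored.

// Turn an IAM pattern with * and ? wildcards into an anchored RegExp.
function wildcardToRegExp(pattern, flags) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", flags);
}

const asArray = (v) => (Array.isArray(v) ? v : [v]);

// True when some Allow statement matches both the action and the resource ARN.
// Action names are matched case-insensitively, resource ARNs case-sensitively.
function isAllowed(policy, action, resource) {
  return asArray(policy.Statement).some(
    (st) =>
      st.Effect === "Allow" &&
      asArray(st.Action).some((a) => wildcardToRegExp(a, "i").test(action)) &&
      asArray(st.Resource).some((r) => wildcardToRegExp(r).test(resource))
  );
}

// Build a policy with one Allow statement on the question's object ARN.
const onObjects = (actions) => ({
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: actions, Resource: ["arn:aws:s3:::foo/*"] }],
});

const broadPolicy = onObjects(["s3:*"]);                           // works in the question
const narrowPolicy = onObjects(["s3:PutObject", "s3:GetObject"]);  // fails in the question

// Constructed requests (the key "uploads/a.txt" is a made-up sample).
const requests = [
  ["s3:PutObject", "arn:aws:s3:::foo/uploads/a.txt"],    // plain object upload
  ["s3:PutObjectAcl", "arn:aws:s3:::foo/uploads/a.txt"], // upload that also sets an ACL
  ["s3:ListBucket", "arn:aws:s3:::foo"],                 // bucket-level action, bucket ARN
];

// List the requests that no Allow statement in the policy covers.
function missingPermissions(policy, reqs) {
  return reqs
    .filter(([action, resource]) => !isAllowed(policy, action, resource))
    .map(([action, resource]) => `${action} on ${resource}`);
}

console.log("s3:* policy is missing:", missingPermissions(broadPolicy, requests));
console.log("narrow policy is missing:", missingPermissions(narrowPolicy, requests));
```

Running the same check with the requests your own upload code issues shows which actions have to be added to a least-privilege policy instead of falling back to `s3:*`.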