我的s3存储设置如下所示:
权限>存储桶政策
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket/*"
}
]
}
每个对象都是公开的。
我有3个文件夹,并且想要添加一个私有的新文件夹。我如何确保它是私密的?
答案 0 :(得分:2)
您必须使用名为NotResource的选项。
The NotResource element lets you grant or deny access to all but a few
of your resources, by allowing you to specify only those resources to
which your policy should not be applied.
因此,您应该使用Resource而不是NotResource。
有了这个,你的
存储桶策略应该是:
{
"Sid": "AllowPublicReadWithPrivateFolder",
"Effect": "Allow",
"NotResource": "arn:aws:s3:::bucket/your_private_folder_path/*",
"Principal": {
"AWS": [
"*"
]
},
"Action": "s3:GetObject"
}