我正在使用无服务器框架(Serverless Framework)部署到 AWS。我想定义一个策略,允许创建无服务器框架所需的全部资源,但不希望用户获得对 S3 的完全访问权限。特别是,我只想允许删除名称中包含特定字符串 -serverlessdeploymentbucket- 的存储桶,而不允许删除其他任何存储桶。
下面是一次不成功的尝试:使用该策略时,无服务器框架在部署阶段会报“拒绝访问”(Access Denied)错误。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::*-serverlessdeploymentbucket-*/*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:DeleteBucket"
],
"Resource": "arn:aws:s3:::*-serverlessdeploymentbucket-*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:CreateBucket"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"cloudformation:*",
"logs:*",
"iam:*",
"apigateway:*",
"lambda:*",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeNetworkInterfaces",
"events:*",
"ssm:*"
],
"Resource": [
"*"
]
}
]
}