自动化并在多个s3存储桶上应用存储桶策略的最佳方法是什么?

时间:2019-07-01 16:47:10

标签: amazon-web-services amazon-s3 aws-lambda amazon-cloudformation

假设我有超过100个s3存储桶,并且我想对所有存储桶应用存储桶策略,那么将其自动化的过程是什么?

1 个答案:

答案 0 :(得分:1)

使用脚本在每个存储桶上调用一个AWS CLI命令。 

aws s3api put-bucket-policy --bucket MyBucket --policy file://policy.json

policy.json:
{
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::MyBucket/*"
      },
      {
         "Effect": "Deny",
         "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::MyBucket/MySecretFolder/*"
      },
      {
         "Effect": "Allow",
         "Principal": {
            "AWS": "arn:aws:iam::123456789012:root"
         },
         "Action": [
            "s3:DeleteObject",
            "s3:PutObject"
         ],
         "Resource": "arn:aws:s3:::MyBucket/*"
      }
   ]
}

我会在脚本或批处理文件中为每个存储段调用一次该命令。 

aws s3api put-bucket-policy --bucket MyBucket0 --policy file://policy.json

aws s3api put-bucket-policy --bucket MyBucket1 --policy file://policy.json

aws s3api put-bucket-policy --bucket MyBucket2 --policy file://policy.json

您应该将存储桶列表导出到文件,然后从该文件构建脚本。

请参见https://docs.aws.amazon.com/cli/latest/reference/s3api/put-bucket-policy.html

相关问题
最新问题