我正在寻找一个存储桶策略:拒绝所有用户/角色删除某个特定存储桶,仅允许账户 root 用户和特定角色删除该存储桶。大致如下所示,请提出建议。
{
"Version": "2012-10-17",
"Id": "PutObjBucketPolicy",
"Statement": [
{
"Sid": "Prevent bucket delete",
"Effect": "Deny",
"Principal": *,
"Action": "s3:DeleteBucket",
"Resource": "arn:aws:s3:::test-bucket-s3"
"Condition"
StringNotEquals:
{ "AWS": "arn:aws:iam::AWS-account-ID:role/role-name" }
}
]
}