如何定义AWS策略声明的主体?

时间:2011-06-08 22:20:17

标签: amazon-s3

我从http://awspolicygen.s3.amazonaws.com/policygen.html开始创建一个策略,该策略将上传权限授予用户列表的特定S3存储桶。我不明白我如何定义这些用户应该是谁。

文档将委托人称为"一个或多个人"没有如何引用所述人的例子。一个假定"电子邮件地址"并且策略生成器将接受它,但是当我将生成的语句粘贴到存储桶策略编辑器时,我得到:

  

政策中的无效主体 - " AWS" :" steve@here.com"

完整陈述:

{
  "Id": "myPol",
  "Statement": [
    {
      "Sid": "Stmt130",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::myBucketName",
      "Principal": {
        "AWS": [
          "steve@here.com"
        ]
      }
    } ]
}

2 个答案:

答案 0 :(得分:15)

委托人可以是其他AWS账户或IAM用户。这些文档很有用Specifying Principals in Bucket PoliciesIntegrating IAM with S3

答案 1 :(得分:-1)

[HttpPost]
public ActionResult Uploaddemo(HttpPostedFileBase file) {
    try {
        IAmazonS3 client;
        using (client = Amazon.AWSClientFactory.CreateAmazonS3Client(_awsAccessKey, _awsSecretKey,RegionEndpoint.USWest2)) {
            var request = new PutObjectRequest() {
                BucketName = _bucketName,
                CannedACL = S3CannedACL.PublicRead, ACCESIBLE
                Key = string.Format("visumes/{0}", file.FileName),
                InputStream = file.InputStream,//SEND THE FILE STREAM
            };

            Amazon.S3.AmazonS3Config s3Config = new Amazon.S3.AmazonS3Config() { 
                ServiceURL = "http://s3.amazonaws.com"  
            };
            string HOST ="http://s3-website-us-west-2.amazonaws.com";
            client.PutObject(request);
        }
    } catch (Exception ex) {

    }
    return View();
}
相关问题
最新问题