我应该设置什么最低权限才能授予S3文件上载访问权限?

时间:2020-07-16 05:41:04

标签: amazon-web-services amazon-s3 amazon-cognito

我使用HTML和Javascript在S3上上传文件。我遇到一个问题->我为未经身份验证的实体创建了一个角色,并为其分配了以下策略。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:putObject"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name/*"
            ]
        }
    ]
}

我收到一个访问被拒绝的错误。但是当我给出的权限为

“ s3:*” 我可以上传文件。我可以赋予最低权限以使其正常工作

2 个答案:

答案 0 :(得分:1)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObjectAcl",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::bucket-name/*"
        }
    ]
}

答案 1 :(得分:0)

对于删除和上传,我们可以使用权限

    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObjectAcl",
                "s3:DeleteObjectVersion",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetBucketLocation",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::BUCKET_NAME/*",
                "arn:aws:s3:::BUCKET_NAME"
            ]
        }
    ]
}
相关问题
最新问题