我需要在Amazon S3存储桶策略中添加新行“ arn:aws:sts :: 1262767:assumed-role / EC2-support-services”。
类似这样的东西:
之前:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddCannedAcl",
"Effect":"Allow",
"Principal": {"AWS": ["arn:aws:iam::111122223333:root","arn:aws:iam::444455556666:root"]},
"Action":["s3:PutObject","s3:PutObjectAcl"],
"Resource":"arn:aws:s3:::awsexamplebucket1/*",
"Condition":{
"StringNotLike": {
"aws:arn": [
"arn:aws:sts::1262767:assumed-role/GR_COF_AWS_Prod_Support/*"
]
}
}
}
]
}
之后:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddCannedAcl",
"Effect":"Allow",
"Principal": {"AWS": ["arn:aws:iam::111122223333:root","arn:aws:iam::444455556666:root"]},
"Action":["s3:PutObject","s3:PutObjectAcl"],
"Resource":"arn:aws:s3:::awsexamplebucket1/*",
"Condition":{
"StringNotLike": {
"aws:arn": [
"arn:aws:sts::1262767:assumed-role/GR_COF_AWS_Prod_Support/*",
"arn:aws:sts::1262767:assumed-role/EC2-support-services"
]
}
}
}
]
}
添加此行需要使用什么AWS CLI命令?
答案 0 :(得分:1)
为此,您需要使用put-bucket-policy
命令覆盖现有的存储桶策略,因为没有版本控制。
运行此命令的示例将是以下命令
aws s3api put-bucket-policy --bucket MyBucket --policy file://policy.json
通过将当前策略和新策略存储为JSON文件,如果需要回滚,可以通过更新--policy
参数中的文件名来在命令之间切换。