如何通过AWS CLI更新Amazon S3存储桶策略?

时间:2020-10-30 15:08:17

标签: amazon-web-services amazon-s3 amazon-ec2 aws-cli

我需要在Amazon S3存储桶策略中添加新行“ arn:aws:sts :: 1262767:assumed-role / EC2-support-services”。

类似这样的东西:

之前:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddCannedAcl",
      "Effect":"Allow",
    "Principal": {"AWS": ["arn:aws:iam::111122223333:root","arn:aws:iam::444455556666:root"]},
      "Action":["s3:PutObject","s3:PutObjectAcl"],
      "Resource":"arn:aws:s3:::awsexamplebucket1/*",
      "Condition":{
     "StringNotLike": {
        "aws:arn": [
          "arn:aws:sts::1262767:assumed-role/GR_COF_AWS_Prod_Support/*"
        ]
      }       
     }
   
    }
  ]
}

之后:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddCannedAcl",
      "Effect":"Allow",
    "Principal": {"AWS": ["arn:aws:iam::111122223333:root","arn:aws:iam::444455556666:root"]},
      "Action":["s3:PutObject","s3:PutObjectAcl"],
      "Resource":"arn:aws:s3:::awsexamplebucket1/*",
      "Condition":{
     "StringNotLike": {
        "aws:arn": [
          "arn:aws:sts::1262767:assumed-role/GR_COF_AWS_Prod_Support/*",
           "arn:aws:sts::1262767:assumed-role/EC2-support-services"
        ]
      }       
     }
   
    }
  ]
}

添加此行需要使用什么AWS CLI命令?

1 个答案:

答案 0 :(得分:1)

为此,您需要使用put-bucket-policy命令覆盖现有的存储桶策略,因为没有版本控制。

运行此命令的示例将是以下命令

aws s3api put-bucket-policy --bucket MyBucket --policy file://policy.json

通过将当前策略和新策略存储为JSON文件,如果需要回滚,可以通过更新--policy参数中的文件名来在命令之间切换。