我有这个政策:
geom_point()
目前该策略下的用户可以{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::static.MYURL.com",
"arn:aws:s3:::static.MYURL.com/images/carousel/*"
]
}
]
}
List
存储桶内的所有对象。
如何限制只能看到 static.MYURL.com
下的对象?
我只是希望用户可以列出、删除、获取和读取该文件夹内的对象
答案 0 :(得分:1)
答案 1 :(得分:1)
是的,您可以查看@amitd 提供的一些有用链接。以下是有望满足您需求的示例政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::static.MYURL.com",
"arn:aws:s3:::static.MYURL.com/images/carousel/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::static.MYURL.com"
],
"Condition": {
"StringLike": {
"s3:prefix": [
"images/carousel/*"
]
}
}
}
]
}