AWS: set a policy for a specific S3 bucket folder

Time: 2021-04-13 14:55:38

Tags: amazon-web-services amazon-s3 amazon-iam

I have this policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::static.MYURL.com",
                "arn:aws:s3:::static.MYURL.com/images/carousel/*"
            ]
        }
    ]
}

Currently, users under this policy can List all objects inside the bucket.

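How can I restrict it so that only the objects under static.MYURL.com can be seen?

I just want the user to be able to list, delete, get, and read objects inside that folder.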

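2 answers:

Answer 0 (score: 1)

Answer 1 (score: 1)

Yes, you can take a look at some of the useful links provided by @amitd. Here is an example policy that will hopefully meet your needs: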

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::static.MYURL.com",
                "arn:aws:s3:::static.MYURL.com/images/carousel/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::static.MYURL.com"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "images/carousel/*"
                    ]
                }
            }
        }
    ]
}
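
To see why the policy in the question lists the whole bucket while the policy in the answer does not, here is a simplified model of the evaluation (an added example, not part of the original answers). It handles only Allow statements and the StringLike operator, uses Python's fnmatchcase as a stand-in for IAM wildcard matching, and treats an unprefixed listing as an empty s3:prefix; `condition_ok`, `is_allowed` and `can_list` are hypothetical helper names.

```python
from fnmatch import fnmatchcase  # assumption: stand-in for IAM "*" / "?" matching

BUCKET = "arn:aws:s3:::static.MYURL.com"
FOLDER = BUCKET + "/images/carousel/*"

# Policy from the question: s3:ListBucket allowed on the bucket, no condition.
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject"],
    "Resource": [BUCKET, FOLDER]}]}

# Policy from the answer: s3:ListBucket split out and tied to s3:prefix.
ANSWER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": [BUCKET, FOLDER]},
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [BUCKET],
     "Condition": {"StringLike": {"s3:prefix": ["images/carousel/*"]}}}]}


def condition_ok(condition, context):
    """StringLike only: each key must be in the request and match a pattern."""
    for operator, keys in condition.items():
        if operator != "StringLike":
            raise ValueError("operator not modelled: " + operator)
        for key, patterns in keys.items():
            value = context.get(key)
            if value is None or not any(fnmatchcase(value, p) for p in patterns):
                return False
    return True


def is_allowed(policy, action, resource, context=None):
    """True if some Allow statement matches action, resource and condition."""
    for st in policy["Statement"]:
        if (st["Effect"] == "Allow"
                and action in st["Action"]
                and any(fnmatchcase(resource, r) for r in st["Resource"])
                and condition_ok(st.get("Condition", {}), context or {})):
            return True
    return False  # nothing matched: implicit deny


def can_list(policy, prefix=""):
    """Model a list request on the bucket; s3:ListBucket is checked against
    the bucket ARN, and the requested prefix arrives as the s3:prefix key."""
    return is_allowed(policy, "s3:ListBucket", BUCKET, {"s3:prefix": prefix})
```

In this model the prefix `images/carousel` without the trailing slash is denied under the answer's policy, so a client has to request `images/carousel/` or something below it.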