cnv*_*mcx 10 amazon-s3 amazon-web-services
我在amazon s3上创建了一个存储桶,并添加了存储桶策略,为另一个用户帐户提供了上传文件的权限.我添加了以下存储桶策略.
但是,现在我自己无法下载共享者上传的文件.我想我没有给他们acl权利.我该如何继续下载文件.他们可以为他们上传的文件授予他们的许可吗?
{
"Version": "2008-10-17",
"Id": "Policyxxxxxxxxxxxx",
"Statement": [
{
"Sid": "Stmtxxxxxxxxxxxxx",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<account_number>:root"
},
"Action": [
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::<bucket_name>/*"
},
{
"Sid": "Stmtxxxxxxxxxxx",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<account_number>:root"
},
"Action": [
"s3:PutBucketLogging",
"s3:PutBucketNotification",
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::<bucket_name>"
}
]
}
所以问题是亚马逊s3存储桶只将存储桶策略应用于存储桶拥有者拥有的对象.因此,如果您是存储桶拥有者并通过存储桶策略赋予了对象权限,这意味着您还需要确保在对象上载期间授予您权限.在授予上传对象的跨帐户权限时,可以仅限制仅具有读取权限的对象.
资料来源:http://docs.aws.amazon.com/AmazonS3/latest/dev/AccessPolicyLanguage_UseCases_s3_a.html 相关讨论:https://forums.aws.amazon.com/thread.jspa ?messageID = 524342&%20#52242 示例桶政策:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"111",
"Effect":"Allow",
"Principal":{
"AWS":"1111111111"
},
"Action":"s3:PutObject",
"Resource":"arn:aws:s3:::examplebucket/*"
},
{
"Sid":"112",
"Effect":"Deny",
"Principal":{
"AWS":"1111111111"
},
"Action":"s3:PutObject",
"Resource":"arn:aws:s3:::examplebucket/*",
"Condition":{
"StringNotEquals":{
"s3:x-amz-grant-full-control":[
"emailAddress=xyz@amazon.com"
]
}
}
}
]
}
| 归档时间: |
|
| 查看次数: |
9751 次 |
| 最近记录: |