San*_*ich 2 permissions amazon-s3 amazon-web-services user-permissions
我想通过管理控制台授予 AWS IAM 组上传、查看、修改和删除单个存储桶中对象的权限。我已经解决了大部分问题,但是我收到报告说该组中的用户无法修改对象元数据- 他们收到“对不起!您被拒绝访问这样做!” 对话。
这是我的政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1403204838000",
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::example-bucket"
]
},
{
"Sid": "Stmt1403205082000",
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": [
"arn:aws:s3:::*"
]
},
{
"Sid": "Stmt1403205119000",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::example-bucket/*"
]
}
]
}
有谁知道我需要分配哪些 S3 操作以允许组访问修改对象属性(特别是元数据)?
小智 6
刚刚做了一个漫长的消除过程,发现这是我对命令行和控制台更新元数据至少可以逃脱的:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::BUCKET_NAME",
"Condition": {}
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:GetObjectAcl",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::BUCKET_NAME/*",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
}
]
}
| 归档时间: |
|
| 查看次数: |
4171 次 |
| 最近记录: |