Zac*_*Zac 4 amazon-s3 amazon-web-services amazon-iam
我正在努力使AWS S3 IAM用户策略起作用,这是我当前的IAM用户策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1424859689000",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::vault-us/*"
]
}
]
}
当我在我的S3存储桶中创建新对象的帖子时,我得到403 Forbidden错误,但是当我使用名为"AmazonS3FullAccess"的托管策略时,一切正常.
我想要做的是限制某些IAM用户上传/下载权限,但我正在努力让这个工作.
任何建议,将不胜感激!
Zac*_*Zac 10
我设法弄清楚为了上传工作我需要包含动作"s3:PutObjectAcl"这里是我的IAM策略的示例如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::vault-us"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::vault-us/*"
]
}
]
}
| 归档时间: |
|
| 查看次数: |
4014 次 |
| 最近记录: |