How do I grant access to all subfolders of a folder in Amazon S3?

Tom*_*ant 5 amazon-s3

This is the policy I wrote in Amazon S3. I thought it should allow access to subfolders because of the *, but when a user tries to create or view a subfolder, it gives an access denied error. How can I change this so that it works?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowUserToSeeBucketListInTheConsole",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Sid": "AllowRootAndMediaListingOfCompanyBucket",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::mycoolbucket"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:prefix": [
                        "",
                        "media/"
                    ],
                    "s3:delimiter": [
                        "/"
                    ]
                }
            }
        },
        {
            "Sid": "AllowAllS3ActionsInMediaFolder",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::mycoolbucket/media/*"
            ]
        }
    ]
}

More details:

I logged in to the console as the user. I went to the media folder. Then I clicked a folder inside media and received the message "Error Access Denied".

Joh*_*ley 8

You are missing the permission to list the contents of the media folder. Add the following statement to your policy.

Note: your policy should be attached to the user, not to the bucket itself. An even better option is to create an IAM group, attach the policy to that group, and then add each user to the group (you mentioned you are already doing this).

{
  "Sid": "AllowListingOfMediaFolder",
  "Action": ["s3:ListBucket"],
  "Effect": "Allow",
  "Resource": ["arn:aws:s3:::mycoolbucket"],
  "Condition": {"StringLike": {"s3:prefix": ["media/*"]}}
},
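Why the question's policy denies listing a subfolder while the added statement permits it can be checked offline with a small evaluator of the two IAM string operators involved. This is an added example, not code from the question or the answer; it models only Allow statements with StringEquals/StringLike against the s3:prefix and s3:delimiter values the console sends, not AWS's full policy evaluation.

```python
import re


def iam_wildcard_match(pattern: str, value: str) -> bool:
    """IAM policy wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def _as_list(v):
    return v if isinstance(v, list) else [v]


def condition_matches(condition: dict, ctx: dict) -> bool:
    """True when every condition block of a statement holds for the request context."""
    for operator, keys in condition.items():
        for key, allowed in keys.items():
            actual = ctx.get(key)
            if actual is None:  # key absent from the request: a plain condition fails
                return False
            if operator == "StringEquals":
                ok = actual in _as_list(allowed)
            elif operator == "StringLike":
                ok = any(iam_wildcard_match(p, actual) for p in _as_list(allowed))
            else:
                raise ValueError(f"operator {operator} is not modelled here")
            if not ok:
                return False
    return True


def list_bucket_allowed(statements, bucket: str, prefix: str) -> bool:
    """Simulate s3:ListBucket as the console issues it (prefix plus '/' delimiter)."""
    ctx = {"s3:prefix": prefix, "s3:delimiter": "/"}
    bucket_arn = f"arn:aws:s3:::{bucket}"  # ListBucket is evaluated on the bucket ARN
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        if not any(iam_wildcard_match(a, "s3:ListBucket") for a in _as_list(st["Action"])):
            continue
        if not any(iam_wildcard_match(r, bucket_arn) for r in _as_list(st["Resource"])):
            continue
        if condition_matches(st.get("Condition", {}), ctx):
            return True
    return False  # no matching Allow: implicit deny


# The question's ListBucket and s3:* statements (condensed), then the answer's addition.
ORIGINAL = [{"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::mycoolbucket"],
             "Condition": {"StringEquals": {"s3:prefix": ["", "media/"], "s3:delimiter": ["/"]}}},
            {"Effect": "Allow", "Action": ["s3:*"], "Resource": ["arn:aws:s3:::mycoolbucket/media/*"]}]
FIXED = ORIGINAL + [{"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::mycoolbucket"],
                     "Condition": {"StringLike": {"s3:prefix": ["media/*"]}}}]
```

Listing "media/" succeeds under ORIGINAL, listing "media/photos/" only under FIXED; the s3:* statement never helps because its resource is an object ARN, not the bucket.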


小智 6

With this policy I was able to grant access to all subfolders of a folder in Amazon S3:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<<bucketname>>",
            "Condition": {
                "StringLike": {
                    "s3:prefix": "foldername/*"
                }
            }
        },
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject*",
                "s3:PutObject*",
                "s3:ListBucket",
                "s3:DeleteObject*"
            ],
            "Resource": "arn:aws:s3:::<<bucketname>>/foldername/*"
        }
    ]
}