rmf*_*rmf 1 amazon-s3 amazon-web-services amazon-iam
我有一个S3桶.我在这个帐户中有几个IAM用户.我想设置一个存储桶策略,多个用户可以访问此存储桶.
为了访问单个用户,我的存储桶策略如下所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::8474632:user/personA"
},
"Action": [
"s3:getObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:getObjectAcl",
"s3:GetObjectVersion"
],
"Resource": "arn:aws:s3:::thisbucket/*"
}
]
}
我试图改变这一行:
"AWS": "arn:aws:iam::8474632:user/personA"
至
"AWS": "arn:aws:iam::8474632:user/*"
允许访问所有用户,但这不起作用.
我可以逐个列出所有/一些用户:
"Principal": {
"AWS": ["arn:aws:iam::111122223333:user/PersonA",
"arn:aws:iam::111122223333:user/PersonB"]
},
是否有更好的方法允许桶访问一组用户或所有用户?
小智 5
可能另一种方法是使用附加到所有用户的IAM策略.你会创建一个政策,如:
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Resource": [
"arn:aws:s3:::bucket_name/*"
]
}
]
}
然后将该策略添加到新角色,然后将该角色与要访问的用户相关联.
| 归档时间: |
|
| 查看次数: |
877 次 |
| 最近记录: |