Cha*_*ene 1 amazon-s3 amazon-web-services amazon-iam
我正在尝试为 lambda 角色创建 IAM 策略,该策略将授予删除对象的权限。如果我不指定资源,则此策略有效,但我想将其限制为特定存储桶:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucketname/*",
"arn:aws:s3:::bucketname"
]
}
] }
我在这里缺少什么?
从文档中
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":["s3:ListBucket","s3:GetBucketLocation"],
"Resource":"arn:aws:s3:::awsexamplebucket1"
},
{
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject"
],
"Resource":"arn:aws:s3:::awsexamplebucket1/*"
}
]
}
确保您的 lambda 的 IAM 角色具有信任策略设置。
| 归档时间: |
|
| 查看次数: |
12183 次 |
| 最近记录: |