小编kol*_*iks的帖子

\n

1. 我有一个桶，里面有文件

   \n
\n

2. 我已通过存储桶策略向 test-user1（在 IAM 中具有 AdministratorAccess 策略）授予完全访问权限

   \n
\n

    "Version": "2012-10-17",\n    "Id": "Policy1595762326470",\n    "Statement": [\n        {\n            "Sid": "Stmt1595762736524",\n            "Effect": "Allow",\n            "Principal": {\n                "AWS": "arn:aws:iam::xxx:user/test-user1"\n            },\n            "Action": [\n                "s3:*"\n            ],\n            "Resource": "arn:aws:s3:::test-user1-bucket"\n        }\n    ]\n}\n

\n

3. 存储桶对该存储桶使用 AWS-KMS（CMK 加密），并且 test-user1 不在该 \xd1\x81ustomer 托管密钥的关键用户列表中

   \n
\n

4. 主要政策如下：

   \n
\n

{\n    "Id": "key-consolepolicy-3",\n    "Version": "2012-10-17",\n    "Statement": [\n        {\n            "Sid": "Enable IAM User Permissions",\n            "Effect": "Allow",\n            "Principal": {\n                "AWS": "arn:aws:iam::xxx:root"\n            },\n            "Action": "kms:*",\n            "Resource": "*"\n        },\n        {\n            "Sid": "Allow …