Question

我通过ACL获得了对S3文件夹的完全访问权限。但是，当我尝试列出该文件夹中的对象时，我得到了一个

错误：访问存储桶＆＃39; [存储桶名称]＆＃39;被拒绝

我无法访问存储桶。我只能访问该文件夹。最终，我需要查看此文件夹中的文件并在其上运行EMR作业。

Answer 1

授予“文件夹”访问权限的一个很好的解释如下：

Writing IAM policies: Grant access to user-specific folders in an Amazon S3 bucket

看看示例的第3个块：

{
 "Version":"2012-10-17",
 "Statement": [
   {
     "Sid": "AllowUserToSeeBucketListInTheConsole",
     "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
     "Effect": "Allow",
     "Resource": ["arn:aws:s3:::*"]
   },
  {
     "Sid": "AllowRootAndHomeListingOfCompanyBucket",
     "Action": ["s3:ListBucket"],
     "Effect": "Allow",
     "Resource": ["arn:aws:s3:::my-company"],
     "Condition":{"StringEquals":{"s3:prefix":["","home/"],"s3:delimiter":["/"]}}
    },
   {
     "Sid": "AllowListingOfUserFolder",
     "Action": ["s3:ListBucket"],
     "Effect": "Allow",
     "Resource": ["arn:aws:s3:::my-company"],
     "Condition":{"StringLike":{"s3:prefix":["home/David/*"]}}
   },
   {
     "Sid": "AllowAllS3ActionsInUserFolder",
     "Effect": "Allow",
     "Action": ["s3:*"],
     "Resource": ["arn:aws:s3:::my-company/home/David/*"]
   }
 ]
}

访问S3对象但不访问存储桶

1 个答案: