Question

AWS的新功能。我正在尝试授予用户仅对具有特定命名约定的S3存储桶的访问权限。我有这样的基本政策：

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "AllowActionsForProjectbucket",
        "Effect": "Allow",
        "Action": ["s3:*"],
        "Resource": [
            "arn:aws:s3:::bucket-*/*",
            "arn:aws:s3:::bucket-*"
        ]
    },
}

但是，运行时出现“访问被拒绝”错误。

An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied

我对错误消息感到困惑，因为我认为s3：* Action覆盖了ListBuckets，但也许是其他原因。

Answer 1

将以下策略添加到您的AWS IAM用户。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                        "s3:GetBucketLocation",
                        "s3:ListAllMyBuckets"
                      ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET",
                "arn:aws:s3:::YOUR-BUCKET/*"
            ]
        }
    ]
}

https://www.serverkaka.com/2018/05/grant-access-to-only-one-s3-bucket-to-aws-user.html

权限有助于设置用户对S3的访问权限

1 个答案: