我试图将IAM用户之一的访问权限限制为S3存储桶中的“文件夹”。我以为我已正确配置了此配置,但是读取访问权限似乎无法正常工作。
{
"Sid": "TEST_PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi-abc123"
},
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketByTags",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts"
],
"Resource":
"arn:aws:s3:::testbucket-securitytest/timeline/*"
}
有什么我想念的吗?进行这些更改有时会延迟还是应该立即进行?
答案 0 :(得分:0)
我想我发现我必须首先允许ListBucket访问,然后添加Action以仅允许该“文件夹”使用GetObject。 :) ---只需要更彻底地阅读文档
{
"Sid": "TEST_ListItems",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::testbucket"
},
{
"Sid": "TEST_PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::807676775814:user/project/api/testuserapi
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::testbucket/Timeline/*"
}`