Amazon-Web-Services
AWS 使用策略設置 s3 儲存桶目錄訪問權限
我正在嘗試在AWS上創建一個策略,允許訪問 s3 儲存桶中的特定文件夾。根據文件,這可以通過以下策略完成
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowUserToSeeBucketListInTheConsole", "Action": [ "s3:ListAllMyBuckets", "s3:GetBucketLocation" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::*" ] }, { "Sid": "AllowRootAndHomeListingOfCompanyBucket", "Action": [ "s3:ListBucket" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::my-policy-test" ], "Condition": { "StringEquals": { "s3:prefix": [ "", "home/", "home/test-folder1" ], "s3:delimiter": [ "/" ] } } }, { "Sid": "AllowListingOfUserFolder", "Action": [ "s3:ListBucket" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::my-policy-test" ], "Condition": { "StringLike": { "s3:prefix": [ "home/test-folder1/*" ] } } }, { "Sid": "AllowAllS3ActionsInUserFolder", "Effect": "Allow", "Action": [ "s3:*" ], "Resource": [ "arn:aws:s3:::my-policy-test/home/test-folder1/*" ] } ] }
我創建了一個使用者來檢查此策略是否按預期工作,但不幸的是它沒有。當我使用測試使用者登錄時,我可以看到儲存桶中的文件夾,但我無法訪問我想要的名為“test-folder1”的文件夾。
**問題:**如何更改此策略以允許訪問 test-folder1?
home
您的 S3 儲存桶中有文件夾嗎?您指的是home
策略中的文件夾,但您沒有在測試使用者的測試中提及它。查看該策略,我期望以下 S3 結構:
arn:aws:s3:::my-policy-test - home - home/test-folder1 (should have the rights here) - other_folder
鑑於您的政策,這應該可行。