我正在努力使AWS S3 IAM用户策略生效,这是我当前的IAM用户策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1424859689000",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::vault-us/*"
]
}
]
}
当我在S3存储桶中发布帖子以创建新对象时,出现403禁止错误,但是当我使用名为“ AmazonS3FullAccess”的托管策略时,一切正常。
我想做的是限制某些IAM用户上载/下载权限,但正在努力使其正常工作。
任何建议,将不胜感激!
我设法弄清楚,为了使上传正常工作,我需要添加操作“ s3:PutObjectAcl”,以下是我的IAM策略示例:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::vault-us"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::vault-us/*"
]
}
]
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句