Bootstrap

AWS S3 最小目录权限(qbit)

2022-03-11 作者: qbit

前言

  • 需求是给某个用户一个 S3 目录的查看、上传、下载、删除权限

  • 需要建立一个 IAM 用户,qbit 事前想给一个用户的不同 AK/SK 不同的 目录权限是做不到的

权限策略

  • 目录

s3://my_bucket/qbit/data/

  • 权限策略

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws-cn:s3:::my_bucket",
            "Condition": {
                "StringLike": {
                    "s3:prefix": "qbit/data/*"
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws-cn:s3:::my_bucket/qbit/data/*"
        }
    ]
}

  • 必须定义成两部分是因为不一样,不能写成下面这样

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws-cn:s3:::my_bucket/qbit/data/*"
        }
    ]
}

参考文献

  • AWS 官方博客:

  • AWS 官方博客:

本文出自

关于我们

Customize this section to tell your visitors a little bit about your publication, writers, content, or something else entirely. Totally up to you.

热门标签

Elsewhere

  1. GitHub
  2. 竹心导航

返回顶部