运行"aws sync“命令所需的权限
运行"aws sync“命令所需的权限
提问于 2020-08-07 10:38:23
我正在尝试将IAM用户的访问权限限制为仅3个存储桶。我正在努力创建一个IAM策略,使IAM用户能够在AWS S3上同步文件。我已经写出了以下策略,但每次我运行aws sync命令来同步桌面上的文件夹和我的策略允许访问的存储桶时,终端似乎在没有输出任何响应或完成过程的情况下卡住了。有什么想法可能会丢失相同的权限吗?
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::bucket-1",
"arn:aws:s3:::bucket-2",
"arn:aws:s3:::bucket-3"
]
}
]}
回答 2
Stack Overflow用户
发布于 2020-08-07 11:32:34
一些S3命令需要存储桶级别的权限,而另一些命令则需要对象级别的权限。
解决这一问题的最简单方法是同时指定两者。
试试这个:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::bucket-1",
"arn:aws:s3:::bucket-2",
"arn:aws:s3:::bucket-3",
"arn:aws:s3:::bucket-1/*",
"arn:aws:s3:::bucket-2/*",
"arn:aws:s3:::bucket-3/*"
]
}
]
}Stack Overflow用户
发布于 2020-08-07 12:02:41
我不确定您是在尝试编写IAM策略还是存储桶策略?如果是后者。在这两种情况下,您都缺少对象级权限。对于存储桶存储桶策略,您也将丢失主体。
您还可以将对象或存储桶的语句分开。以下是存储桶策略的示例:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxxx:user/a_user"
},
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::bucket-1",
"arn:aws:s3:::bucket-2",
"arn:aws:s3:::bucket-3"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxx:user/a_user"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucket-1/*",
"arn:aws:s3:::bucket-2/*",
"arn:aws:s3:::bucket-3/*"
]
}
]
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/63294396
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号