Amazon web services AWS S3 CloudFormation只读权限
我正在尝试创建两个用户并向s3存储桶授予user1只读权限,我还需要授予user2读写权限。以下是我迄今为止所做的工作Amazon web services AWS S3 CloudFormation只读权限,amazon-web-services,amazon-s3,aws-lambda,amazon-cloudformation,Amazon Web Services,Amazon S3,Aws Lambda,Amazon Cloudformation,我正在尝试创建两个用户并向s3存储桶授予user1只读权限,我还需要授予user2读写权限。以下是我迄今为止所做的工作 AWSTemplateFormatVersion: "2010-09-09" Resources: s3Bucket: Type: AWS::S3::Bucket Properties: AccessControl: Private User1: Type: AWS::IAM::User User2: Type:
AWSTemplateFormatVersion: "2010-09-09"
Resources:
s3Bucket:
Type: AWS::S3::Bucket
Properties:
AccessControl: Private
User1:
Type: AWS::IAM::User
User2:
Type: AWS::IAM::User
User1Key:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref 'User1'
User2Key:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref 'User2'
Outputs:
AccessKey:
Value: !Ref 'User1Key'
Description: AWSAccessKeyId of User 1
SecretKey:
Value: !GetAtt [User1Key, SecretAccessKey]
Description: AWSSecretAccessKey of User 1
AccessKey2:
Value: !Ref 'User2Key'
Description: AWSAccessKeyId of User 2
SecretKey2:
Value: !GetAtt [User2Key, SecretAccessKey]
Description: AWSSecretAccessKey of User 2
我不知道如何实现这个方法之一是使用IAM策略来实现同样的目标 看看下面的代码。我们正在创建两个策略,一个用于读取,一个用于写入。一个用户同时被分配读策略和写策略,另一个用户只被分配读策略
AWSTemplateFormatVersion: "2010-09-09"
Resources:
s3Bucket:
Type: AWS::S3::Bucket
Properties:
AccessControl: Private
S3ReadPolicy:
Type: "AWS::IAM::Policy"
Properties:
PolicyName: "S3ReadPolicy"
PolicyDocument:
Statement:
- Action: s3:GetObject
Effect: Allow
Resource: !Sub "arn:aws:s3:::${s3Bucket}/*"
- Action: s3:ListBucket
Effect: Allow
Resource: !Sub "arn:aws:s3:::${s3Bucket}"
Users:
- Ref: User1
- Ref: User2
S3WritePolicy:
Type: "AWS::IAM::Policy"
Properties:
PolicyName: "S3WritePolicy"
PolicyDocument:
Statement:
- Action: s3:PutObject
Effect: Allow
Resource: !Sub "arn:aws:s3:::${s3Bucket}/*"
Users:
- Ref: User2
User1:
Type: AWS::IAM::User
User2:
Type: AWS::IAM::User
User1Key:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref "User1"
User2Key:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref "User2"
Outputs:
AccessKey:
Value: !Ref "User1Key"
Description: AWSAccessKeyId of User 1
SecretKey:
Value: !GetAtt [User1Key, SecretAccessKey]
Description: AWSSecretAccessKey of User 1
AccessKey2:
Value: !Ref "User2Key"
Description: AWSAccessKeyId of User 2
SecretKey2:
Value: !GetAtt [User2Key, SecretAccessKey]
Description: AWSSecretAccessKey of User 2
希望这有帮助修改答案,使用IAM策略而不是bucket策略更正答案,将IAM策略改为BucketPolicy