
What is the correct syntax for a CloudFormation AWS::IAM::Policy for S3 full access?


In a CloudFormation script, I create an IAM::Policy that will be applied to a Kinesis Firehose. It has the following PolicyDocument statement:

Statement:
  - Effect: Allow
    Action:
      - 's3:AbortMultipartUpload'
      - 's3:GetBucketLocation'
      - 's3:GetObject'
      - 's3:ListBucket'
      - 's3:ListBucketMultipartUploads'
      - 's3:PutObject'
    Resource: arn:aws:s3:::mybucketname
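
This comes from the AWS documentation.

When I test it with test data, it does not allow any data through. If I edit the policy and add S3FullAccess, it starts allowing the test data through to the S3 bucket. I also tried

Resource: arn:aws:s3:::mybucketname/*

and got the same result.

If I change the CloudFormation script to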

Statement:
  - Effect: Allow
    Action: 's3:*'
    Resource: '*'

it allows the test data through.

What is wrong with the first statement?

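These actions operate at the bucket level and require arn:aws:s3:::mybucketname:

- s3:GetBucketLocation
- s3:ListBucket
- s3:ListBucketMultipartUploads

These actions operate at the object level and require an arn:aws:s3:::mybucketname/* resource or a specific prefix, such as arn:aws:s3:::mybucketname/invoices/*:

- s3:AbortMultipartUpload
- s3:GetObject
- s3:PutObject

You can determine whether an action operates at the bucket level or at the object level by looking at the "Resource types" column at the following location:

You can list these actions separately, or combine them as follows: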

    Action:
      - 's3:AbortMultipartUpload'
      - 's3:GetBucketLocation'
      - 's3:GetObject'
      - 's3:ListBucket'
      - 's3:ListBucketMultipartUploads'
      - 's3:PutObject'
    Resource:
      - arn:aws:s3:::mybucketname
      - arn:aws:s3:::mybucketname/*

See if you can give it a try. It is an online CloudFormation template generator.
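
As an added example (not part of the original question or answers), the following Python check applies the bucket-level versus object-level rule from the answer above to the statements on this page and reports which actions have no Resource entry they can apply to. The function names are hypothetical, the statements are given as plain dictionaries, and the action table covers only the six actions listed on this page.

```python
from fnmatch import fnmatchcase

# Resource type each action from this page is evaluated against.
ACTION_LEVEL = {
    "s3:GetBucketLocation": "bucket",
    "s3:ListBucket": "bucket",
    "s3:ListBucketMultipartUploads": "bucket",
    "s3:AbortMultipartUpload": "object",
    "s3:GetObject": "object",
    "s3:PutObject": "object",
}
S3_PREFIX = "arn:aws:s3:::"

def resource_levels(arn):
    """Return which S3 resource types a Resource pattern can match."""
    if arn == "*":
        return {"bucket", "object"}
    if not arn.startswith(S3_PREFIX):
        return set()
    path = arn[len(S3_PREFIX):]
    if "/" in path:            # bucket/key pattern: objects only
        return {"object"}
    # No "/": a bucket ARN. A "*" can also span "/" and reach object keys.
    return {"bucket", "object"} if "*" in path else {"bucket"}

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def unmatched_actions(statement):
    """List known actions that no Resource entry in the statement can apply to."""
    covered = set()
    for arn in as_list(statement["Resource"]):
        covered |= resource_levels(arn)
    return sorted(
        action
        for action, level in ACTION_LEVEL.items()
        if level not in covered
        and any(fnmatchcase(action.lower(), p.lower()) for p in as_list(statement["Action"]))
    )

# Constructed inputs mirroring the three statements discussed on this page.
ACTIONS = list(ACTION_LEVEL)
BUCKET = S3_PREFIX + "mybucketname"
QUESTION = {"Effect": "Allow", "Action": ACTIONS, "Resource": BUCKET}
OBJECTS_ONLY = {"Effect": "Allow", "Action": ACTIONS, "Resource": BUCKET + "/*"}
ANSWER = {"Effect": "Allow", "Action": ACTIONS, "Resource": [BUCKET, BUCKET + "/*"]}

if __name__ == "__main__":
    for name, stmt in [("question", QUESTION), ("objects only", OBJECTS_ONLY), ("answer", ANSWER)]:
        print(name, "->", unmatched_actions(stmt) or "every action has a matching resource")
```

Running the same check in a template review step flags a statement whose actions can never match its resources, which is a narrower fix than widening the policy to `s3:*` on `*`.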