Amazon web services S3是否提供任何bucket策略,以便在有限的时间内将对象共享给IAM用户?
我想在有限的时间窗口内与IAM用户(testuser)共享我的bucket(sourcebucket)。AWS是否提供任何bucket策略,以便我可以在有限的时间范围内与IAM用户共享我的bucket对象Amazon web services S3是否提供任何bucket策略,以便在有限的时间内将对象共享给IAM用户?,amazon-web-services,amazon-s3,amazon-iam,Amazon Web Services,Amazon S3,Amazon Iam,我想在有限的时间窗口内与IAM用户(testuser)共享我的bucket(sourcebucket)。AWS是否提供任何bucket策略,以便我可以在有限的时间范围内与IAM用户共享我的bucket对象 { "Version": "2012-10-17", "Statement": [ { "Sid": "DelegateS3Access", "Effect": "Allow", "Prin
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegateS3Access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12345678910:user/testuser"
},
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::sourcebucket/*",
"arn:aws:s3:::sourcebucket"
]
}
]
}
AWS是否提供任何bucket策略,以便我可以在有限的时间范围内与IAM用户共享我的bucket对象
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegateS3Access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12345678910:user/testuser"
},
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::sourcebucket/*",
"arn:aws:s3:::sourcebucket"
]
}
]
}
对
检查dategreaterther
和DateLessThan
条件和aws:CurrentTime
条件键。以下是一个示例,使用问题中的策略作为基础:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegateS3Access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12345678910:user/testuser"
},
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::sourcebucket/*",
"arn:aws:s3:::sourcebucket"
],
"Condition": {
"DateGreaterThan": {"aws:CurrentTime": "2020-04-01T00:00:00Z"},
"DateLessThan": {"aws:CurrentTime": "2020-06-30T23:59:59Z"}
}
}
]
}
以下是一些有用的链接: