Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/amazon-web-services/14.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services 为S3存储桶分配角色需要哪些权限?_Amazon Web Services_Amazon S3_Amazon Iam - Fatal编程技术网
Fatal编程技术网

Amazon web services 为S3存储桶分配角色需要哪些权限?

amazon-web-services amazon-s3

Amazon web services 为S3存储桶分配角色需要哪些权限?,amazon-web-services,amazon-s3,amazon-iam,Amazon Web Services,Amazon S3,Amazon Iam,我有一个开发人员正在使用S3 bucket开发一些服务,希望能够为她的bucket分配角色和用户。我真的不想给她完整的IAM权限,但我有点不确定哪些权限将有助于设置此权限。有什么想法吗?您可以编写IAM策略,授予她对您希望她控制的特定S3存储桶的完全访问权限。您可以授予对特定S3资源的编程访问权或AWS管理控制台访问权 例如: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "A

我有一个开发人员正在使用S3 bucket开发一些服务,希望能够为她的bucket分配角色和用户。我真的不想给她完整的IAM权限,但我有点不确定哪些权限将有助于设置此权限。有什么想法吗?

您可以编写IAM策略,授予她对您希望她控制的特定S3存储桶的完全访问权限。您可以授予对特定S3资源的编程访问权或AWS管理控制台访问权

例如:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::test"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::test/*"]
    }
  ]
}
还要考虑创建有问题的,然后利用
iam:PassRole
使她能够将此角色分配给其他实体

{
    "Sid": "PolicyStatementToAllowUserToPassOneSpecificRole",
    "Effect": "Allow",
    "Action": [ "iam:PassRole" ],
    "Resource": "arn:aws:iam:::role/My-S3-Role"
}