I am using inline policy for grant access to s3 bucket for IAM user
我正在使用内联策略为IAM用户授予对s3存储桶的访问权限
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1513073615000",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::newput-test"
]
}
]
}
but on extended s3 browser when I use the access key id and secret access key of particular IAM user is not listing my bucket.but when I pass * in resources It works fine
但在扩展的s3浏览器上,当我使用访问密钥ID和特定IAM用户的秘密访问密钥时,我没有列出我的桶。但是当我在资源中传递*它工作正常
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1513073615000",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"*"
]
}
]
}
but the problem is its giving access to all the s3 bucket to IAM user. but I want to give access only single bucket anybody have an idea how to achieve this.
但问题是它允许访问IAM用户的所有s3桶。但我想只提供访问单个桶任何人都知道如何实现这一目标。
1 个解决方案
#1
1
Try something like this
尝试这样的事情
{
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::mys3bucket",
"arn:aws:s3:::mys3bucket/*"
]
}
]
}
Its been explained here. http://www.fizerkhan.com/blog/posts/Restrict-user-access-to-Single-S3-Bucket-using-Amazon-IAM.html
这里已经解释过了。 http://www.fizerkhan.com/blog/posts/Restrict-user-access-to-Single-S3-Bucket-using-Amazon-IAM.html
#1
1
Try something like this
尝试这样的事情
{
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::mys3bucket",
"arn:aws:s3:::mys3bucket/*"
]
}
]
}
Its been explained here. http://www.fizerkhan.com/blog/posts/Restrict-user-access-to-Single-S3-Bucket-using-Amazon-IAM.html
这里已经解释过了。 http://www.fizerkhan.com/blog/posts/Restrict-user-access-to-Single-S3-Bucket-using-Amazon-IAM.html