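Take a look at the example below. It lets you set a policy and retrieve it (remember to change the bucket name and add credentials / change the region as needed).
You may want to refine the policy itself to restrict it to a certain object (folders and files are both objects). Remember, if you have an S3 layout such as my-bucket-name/folder/file and you want to restrict access to just that folder, then the ARN would be arn:aws:s3:::my-bucket-name/folder/*.
Documentation for setting and getting the policy.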
    require 'aws-sdk'
    require 'json'

    s3 = Aws::S3::Client.new(region: 'us-east-1')

    # Principal "*" with s3:GetObject on my-bucket-name/* lets anyone
    # read every object in the bucket.
    policy = {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AddPerm",
          "Effect": "Allow",
          "Principal": "*",
          "Action": ["s3:GetObject"],
          "Resource": ["arn:aws:s3:::my-bucket-name/*"]
        }
      ]
    }

    # Attach the policy to the bucket (the policy must be sent as a JSON string).
    s3.put_bucket_policy({
      bucket: "my-bucket-name",
      policy: policy.to_json
    })
    # => #<struct Aws::EmptyStructure>

    # Read the policy back from the bucket.
    resp = s3.get_bucket_policy({
      bucket: "my-bucket-name",
    })
    resp.policy.read
    # => "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AddPerm\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::my-bucket-name/*\"}]}"
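The folder-scoped ARN mentioned above, together with a check that can be run on the JSON returned by get_bucket_policy before or after applying a change. This is an added example, not part of the original answer; the helper names prefix_read_policy, public_principal? and bucket_wide_public_sids are hypothetical, and it makes no AWS calls.

```ruby
require 'json'

# Build a read-only policy limited to one key prefix ("folder") of a bucket.
# Hypothetical helper; the bucket and prefix used below are sample values.
def prefix_read_policy(bucket, prefix)
  prefix = prefix.sub(%r{\A/+}, '').sub(%r{/+\z}, '')
  raise ArgumentError, 'prefix must not be empty' if prefix.empty?
  {
    'Version' => '2012-10-17',
    'Statement' => [{
      'Sid' => 'ReadPrefixOnly',
      'Effect' => 'Allow',
      'Principal' => '*',
      'Action' => ['s3:GetObject'],
      'Resource' => ["arn:aws:s3:::#{bucket}/#{prefix}/*"]
    }]
  }
end

# True when the Principal element grants access to everyone.
def public_principal?(principal)
  return true if principal == '*'
  principal.is_a?(Hash) && Array(principal['AWS']).include?('*')
end

# Return the Sids of Allow statements that open every object in the bucket
# to anonymous callers. Condition elements are not evaluated, so a flagged
# statement still needs a manual look.
def bucket_wide_public_sids(policy_json, bucket)
  broad = ["arn:aws:s3:::#{bucket}/*", 'arn:aws:s3:::*', '*']
  statements = JSON.parse(policy_json)['Statement']
  statements = [statements] if statements.is_a?(Hash) # single-statement form
  statements.select do |st|
    st['Effect'] == 'Allow' &&
      public_principal?(st['Principal']) &&
      !(Array(st['Resource']) & broad).empty?
  end.map { |st| st['Sid'] }
end

# Constructed sample: the folder-scoped policy is not flagged as bucket-wide.
scoped = prefix_read_policy('my-bucket-name', 'folder').to_json
puts bucket_wide_public_sids(scoped, 'my-bucket-name').inspect
```

Passing `resp.policy.read` from the answer's code as `policy_json` runs the same check against the policy currently attached to the bucket.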