2015-04-28 88 views
0

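AWS S3: list user folders

I am creating a C# application to view the folders and files stored in AWS S3 for the clients registered on my website.

Currently I can create IAM users and assign them permissions to specific folders. But I run into a problem when I try to view a folder and its contents. I can view the folder if I use the AWS access key and secret key, but I would like to know whether there are user-level credentials that can be used to retrieve the folders the user has been granted permission to?

This is what I have so far.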

    Policy pl = GeneratePolicy(bucketName, foldername);
    Credentials creds = GetFederatedCredentials(pl, username);

    var sessionCredentials = new SessionAWSCredentials(creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken);

    using (var client = new AmazonS3Client(sessionCredentials, Amazon.RegionEndpoint.USEast1))
    {
        var response = client.ListObjects(request);

        foreach (var subFolder in response.CommonPrefixes)
        {
            /* list the sub-folders */
            Console.WriteLine(subFolder);
        }
        foreach (var file in response.S3Objects)
        {
            /* list the files */
        }
    }

But I only get an error at client.ListObjects(request): an Access Denied error.

Here is the GeneratePolicy code

    public static Policy GeneratePolicy(string bucket, string username)
    {
        var statement = new Statement(Statement.StatementEffect.Allow);

        // Allow access to the sub folder represented by the username in the bucket
        statement.Resources.Add(ResourceFactory.NewS3ObjectResource(bucket, username + "/*"));

        // Allow Get and Put object requests.
        statement.Actions = new List<ActionIdentifier>() { S3ActionIdentifiers.GetObject, S3ActionIdentifiers.PutObject };

        // Lock the requests coming from the client machine.
        //statement.Conditions.Add(ConditionFactory.NewIpAddressCondition(ipAddress));

        var policy = new Policy();
        policy.Statements.Add(statement);

        return policy;
    }

Here is the GetFederatedCredentials code

    public static Credentials GetFederatedCredentials(Policy policy, string username)
    {
        var request = new GetFederationTokenRequest()
        {
            Name = username,
            Policy = policy.ToJson()
        };

        var stsClient = new AmazonSecurityTokenServiceClient(AWS_ACCESS_KEY, AWS_SECRET_KEY, Amazon.RegionEndpoint.USEast1);

        var response = stsClient.GetFederationToken(request);
        return response.GetFederationTokenResult.Credentials;
    }

Any help would be appreciated. Thanks in advance.

Answer

0

You should add "ListBucket" to statement.Actions.