有一個在Writing IAM Policies: How to Grant Access to an Amazon S3 Bucket
只需複製並粘貼相應的規則,將「資源」關鍵是你斗的ARN中的所有語句官方AWS文檔。
對於programamtic訪問的政策應該是:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::bar"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject"
],
"Resource": ["arn:aws:s3:::bar/*"]
}
]
}
而對於控制檯訪問訪問應該是:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::bar*"
},
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::bar"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject"
],
"Resource": ["arn:aws:s3:::bar/*"]
}
]
}
一些細微差別:似乎'bar/*'需要訪問'bar'桶中的對象,而'bar'則需要列出/修改存儲桶本身。 – phyzome
使用Cyberduck通過上述許可訪問S3似乎不起作用。 CyberDock可能需要@Suman提及的ListAllMyBuckets。但是,如果您使用[timkay.com](http://www.timkay.com/aws/)中的命令行工具,則此功能完美無缺。 –
非常感謝。我F $%#@^ING討厭s3,其繁瑣的政策。只是浪費了2個小時,直到我終於找到解決方案。 – Nimo