1

我正在尝试设置对 Amazon 上特定文件夹的只读访问权限。我有一个“公司”存储桶和文件夹“软件”。出于某种原因,以下代码对我不起作用(我正在使用 CloudBerry 进行验证):

{
    "Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "s3:Get*",
            "s3:List*"
        ],
        "Resource": "arn:aws:s3:::corporate/software/*"
    }
    ]
}

但如果我使用:

"Resource": "*"

我能看到所有的桶......我错过了什么吗?

4

1 回答 1

3

下面的代码对我有用:

{
    "Statement": [
{
    "Effect": "Allow",
    "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
    ],
    "Resource": "arn:aws:s3:::corporate",
    "Condition": {}
    },
    {
    "Effect": "Allow",
    "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl"
    ],
    "Resource": "arn:aws:s3:::corporate/software/*",
    "Condition": {}
    },
    {
        "Effect": "Allow",
        "Action": "s3:ListAllMyBuckets",
        "Resource": "*",
        "Condition": {}
    }
]
}
于 2012-11-10T02:37:20.570 回答