我正在尝试配置 Kinesis Firehose 传输流以将文件写入 S3。我创建了 Firehose 流以使用名为att1
.
这是附加到att
的配置的策略。我从这里的页面获取格式https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-s3
我已经验证了该政策,但我不确定它是否正确。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:*",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::s3bucket",
"arn:aws:s3:::s3bucket/*"
]
},
{
"Effect": "Allow",
"Action": [
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource": [
"arn:aws:kms:us-east-1:515766555555:key/cdee14ca-12b1-4790-9513-d007a3192f43"
],
"Condition": {
"StringEquals": {
"kms:ViaService": "s3.us-east-1.amazonaws.com"
},
"StringLike": {
"kms:EncryptionContext:aws:s3:arn": "arn:aws:s3:::s3bucket*"
}
}
}
]
}
配置显然已针对隐私设置进行了编辑,否则直接从策略中复制