如何允许读取除单个文件夹及其内容之外的所有对象?下面的规则阻止了我整个桶..(无法读取桶)
如果无法使用此功能,我如何允许读取根目录下的文件但拒绝所有子文件夹?
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListBucket",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::my-bucket"
},
{
"Sid": "ReadOnly",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket/*"
},
{
"Sid": "DenyOneFolder",
"Effect": "Deny",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::my-bucket/my-folder",
"arn:aws:s3:::my-bucket/my-folder/*"
]
}
]
}
我的桶结构:
- 我的桶
- 我的文件夹
- 对象3
- 对象1
- 对象2
- 我的文件夹