1

我正在尝试编写一个 IAM 策略来执行以下操作:

  • 允许用户访问特定的存储桶
  • 只能上传选定的几种类型的文件.. 基于扩展名
  • 允许在该存储桶中创建文件夹

我已经设法做到了前两个,但我无法满足第三个要求。这是我尝试过的:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "s3:GetBucketLocation",
            "s3:ListAllMyBuckets"
        ],
        "Resource": "*"
    },
    {
        "Effect": "Allow",
        "Action": [
            "s3:ListBucket"
        ],
        "Resource": [
            "arn:aws:s3:::bucketxxx"
        ]
    },
    {
        "Effect": "Allow",
        "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:GetObjectVersion"
        ],
        "Resource": [
            "arn:aws:s3:::bucketxxx/*.mp4",
            "arn:aws:s3:::bucketxxx/*.pdf",
            "arn:aws:s3:::bucketxxx/*.jpg",
            "arn:aws:s3:::bucketxxx/*.png",
            "arn:aws:s3:::bucketxxx/*.xlsx",
            "arn:aws:s3:::bucketxxx/*.csv"
        ]
    }
]

}

4

0 回答 0