amazon-web-services - AWS S3 Permissios - 创建文件夹，同时只能上传某些扩展

Question

我正在尝试编写一个 IAM 策略来执行以下操作：

• 允许用户访问特定的存储桶
• 只能上传选定的几种类型的文件.. 基于扩展名
• 允许在该存储桶中创建文件夹

我已经设法做到了前两个，但我无法满足第三个要求。这是我尝试过的：

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "s3:GetBucketLocation",
            "s3:ListAllMyBuckets"
        ],
        "Resource": "*"
    },
    {
        "Effect": "Allow",
        "Action": [
            "s3:ListBucket"
        ],
        "Resource": [
            "arn:aws:s3:::bucketxxx"
        ]
    },
    {
        "Effect": "Allow",
        "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:GetObjectVersion"
        ],
        "Resource": [
            "arn:aws:s3:::bucketxxx/*.mp4",
            "arn:aws:s3:::bucketxxx/*.pdf",
            "arn:aws:s3:::bucketxxx/*.jpg",
            "arn:aws:s3:::bucketxxx/*.png",
            "arn:aws:s3:::bucketxxx/*.xlsx",
            "arn:aws:s3:::bucketxxx/*.csv"
        ]
    }
]

}