我正在尝试编写一个 IAM 策略来执行以下操作:
- 允许用户访问特定的存储桶
- 只能上传选定的几种类型的文件.. 基于扩展名
- 允许在该存储桶中创建文件夹
我已经设法做到了前两个,但我无法满足第三个要求。这是我尝试过的:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::bucketxxx"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": [
"arn:aws:s3:::bucketxxx/*.mp4",
"arn:aws:s3:::bucketxxx/*.pdf",
"arn:aws:s3:::bucketxxx/*.jpg",
"arn:aws:s3:::bucketxxx/*.png",
"arn:aws:s3:::bucketxxx/*.xlsx",
"arn:aws:s3:::bucketxxx/*.csv"
]
}
]
}