Granting an IAM User Access to a Specific AWS S3 Bucket

 4 years ago
source link: https://liyangliang.me/posts/2019/10/aws-s3-bucket-policy/

Sometimes you need to hand data to an external party through S3. One way to do it: create a new IAM user and a new S3 bucket, and grant that user only the access it needs on that bucket. In this post the user gets read access (list and download) and nothing else; it can neither upload nor delete.

Create the IAM user

Create a new IAM user with no permissions attached and generate an access key for it. Assume the new user's ARN is arn:aws-cn:iam::123456789012:user/exampleuser. (The partition is aws-cn because this account lives in the China regions; in the standard regions the same ARN starts with arn:aws:.)

Configure the S3 bucket permissions

Create an S3 bucket, say example-bucket; its ARN is arn:aws-cn:s3:::example-bucket. Open the bucket's Permissions tab and edit the Bucket Policy:

{
    "Version": "2012-10-17",
    "Id": "Policy1571646921804",
    "Statement": [
        {
            "Sid": "Stmt1571646903119",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws-cn:iam::123456789012:user/exampleuser"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws-cn:s3:::example-bucket"
        },
        {
            "Sid": "Stmt1571646919492",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws-cn:iam::123456789012:user/exampleuser"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws-cn:s3:::example-bucket/*"
        }
    ]
}

This grants exactly two permissions, s3:ListBucket and s3:GetObject, so the user can list the bucket and read every object in it. Note the scoping: s3:ListBucket is a bucket-level action, so its Resource is the bucket ARN; s3:GetObject is an object-level action, so its Resource must be the bucket ARN followed by /* (an object-level action scoped to the bare bucket ARN simply never matches, and the request is denied). Because the user and the bucket are in the same account, this bucket policy alone is enough; for a user in another account, that user's own identity policy would also have to allow the same actions.

You can also build the bucket policy with the AWS Policy Generator: add two Statements, as shown in the figure below.

s3_bucket_policy_generator.png

Click Generate Policy to get the policy as JSON.

Test it with the aws command-line tool (install: pip install awscli), after configuring the new user's access key and a region (aws configure). The four commands below exercise, in order, ListBuckets (the account-wide listing, which the policy does not grant), ListBucket (granted), GetObject (granted) and DeleteObject (not granted):

$ aws s3 ls

An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied

$ aws s3 ls example-bucket
                           PRE data/
2019-10-21 16:40:49          7 test.txt

$ aws s3 cp s3://example-bucket/test.txt .
download: s3://example-bucket/test.txt to ./test.txt

$ aws s3 rm s3://example-bucket/test.txt
delete failed: s3://example-bucket/test.txt An error occurred (AccessDenied) when calling the DeleteObject operation: Access Denied
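The following is an added example and not code from the original post. It builds the post's two-statement read-only policy programmatically, flags the bucket-level/object-level Resource mistake described above, and replays the four CLI calls from the transcript against the policy with a deliberately simplified model of IAM evaluation (one resource policy, one principal, default deny, explicit Deny wins, no identity policies, SCPs or Condition keys). The user ARN and bucket name are the post's; the Sid values, the action sets and all function names are the example's own.

```python
import fnmatch
import json

# Added example, not code from the original post. Simplified model of IAM
# evaluation: one resource policy, one principal, default deny, explicit Deny
# wins, no identity policies, SCPs or Condition keys.

USER_ARN = "arn:aws-cn:iam::123456789012:user/exampleuser"  # from the post
BUCKET = "example-bucket"                                     # from the post

# Actions on the bucket itself take the bare bucket ARN as Resource ...
BUCKET_LEVEL_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}
# ... actions on objects take bucket-ARN/<key pattern>, e.g. bucket-ARN/*.
OBJECT_LEVEL_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}


def bucket_arn(bucket, partition="aws-cn"):
    # "aws-cn" is the China partition used in the post; standard regions use "aws".
    # S3 ARNs carry neither a region nor an account id.
    return f"arn:{partition}:s3:::{bucket}"


def build_read_only_policy(bucket, user_arn, partition="aws-cn"):
    """Same policy as in the post: list the bucket, read every object, nothing else."""
    arn = bucket_arn(bucket, partition)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowListBucket", "Effect": "Allow",
             "Principal": {"AWS": user_arn},
             "Action": "s3:ListBucket",
             "Resource": arn},               # bucket-level -> bucket ARN
            {"Sid": "AllowGetObject", "Effect": "Allow",
             "Principal": {"AWS": user_arn},
             "Action": "s3:GetObject",
             "Resource": f"{arn}/*"},        # object-level -> bucket ARN + /*
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def resource_scoping_errors(policy):
    """Flag object-level actions scoped to the bare bucket ARN (silently denied
    at runtime) and bucket-level actions scoped to an object path."""
    errors = []
    for stmt in policy["Statement"]:
        for action in _as_list(stmt["Action"]):
            for res in _as_list(stmt["Resource"]):
                has_key = "/" in res.split(":::", 1)[-1]
                if action in OBJECT_LEVEL_ACTIONS and not has_key:
                    errors.append(f"{stmt.get('Sid')}: {action} needs '{res}/*'")
                elif action in BUCKET_LEVEL_ACTIONS and has_key:
                    errors.append(f"{stmt.get('Sid')}: {action} needs the bare bucket ARN")
    return errors


def is_allowed(policy, principal_arn, action, resource):
    """Simplified resource-policy decision. IAM's '*' and '?' wildcards in
    Principal, Action and Resource are modelled with fnmatch ('*' spans '/')."""
    match = lambda value, patterns: any(fnmatch.fnmatchcase(value, p) for p in patterns)
    allowed = False
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal", {})
        principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if not (match(principal_arn, principals)
                and match(action, _as_list(stmt["Action"]))
                and match(resource, _as_list(stmt["Resource"]))):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def simulate_cli(policy, user_arn, bucket, partition="aws-cn"):
    """Map the four commands from the test transcript to the S3 action and
    resource each one needs, and evaluate them against the bucket policy."""
    arn = bucket_arn(bucket, partition)
    calls = {
        # `aws s3 ls` with no bucket is ListBuckets (s3:ListAllMyBuckets) on the
        # whole partition; a bucket policy cannot grant it, only an identity policy can.
        "aws s3 ls": ("s3:ListAllMyBuckets", f"arn:{partition}:s3:::*"),
        f"aws s3 ls {bucket}": ("s3:ListBucket", arn),
        f"aws s3 cp s3://{bucket}/test.txt .": ("s3:GetObject", f"{arn}/test.txt"),
        f"aws s3 rm s3://{bucket}/test.txt": ("s3:DeleteObject", f"{arn}/test.txt"),
    }
    return {cmd: is_allowed(policy, user_arn, act, res) for cmd, (act, res) in calls.items()}


if __name__ == "__main__":
    policy = build_read_only_policy(BUCKET, USER_ARN)
    print(json.dumps(policy, indent=2))
    for cmd, ok in simulate_cli(policy, USER_ARN, BUCKET).items():
        print(f"{'allowed' if ok else 'AccessDenied':12} {cmd}")
    # The classic mistake: GetObject scoped to the bare bucket ARN, no "/*".
    broken = build_read_only_policy(BUCKET, USER_ARN)
    broken["Statement"][1]["Resource"] = bucket_arn(BUCKET)
    print(resource_scoping_errors(broken))
```

Running the script reproduces the transcript's outcome (the first and last commands denied, the middle two allowed) and shows that dropping the /* from the GetObject statement turns the download into an AccessDenied as well. The evaluator is only a model for reasoning about a single bucket policy; to check a real bucket, use the IAM policy simulator or try the calls with the user's own credentials as the post does.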
