S3 Bucket action doesn't apply to any resources

前端未结

关注

 11  662

无人及你 2021-01-30 09:55

I\'m following the instructions from this answer to generate the follow S3 bucket policy:

{
  \"Id\": \"Policy1495981680273\",
  \"Version\": \"2012-10-17\",
  \


      
      
        
          11条回答        

        
                    
            
            
                         
                
              
              
                
                   醉梦人生
                                             
                
                
                (楼主)
            
              
              
                2021-01-30 10:19
              

            
            
                        
Whenever you are trying to apply use bucket policies. Remember this thing, If you are using actions like "s3:ListBucket", "s3:GetBucketPolicy", "s3:GetBucketAcl" etc. which are related to bucket, the resource attribute in policy should be mentioned as <"Resource": "arn:aws:s3:::bucket_name">.
Ex.
{
    "Version": "2012-10-17",
    "Id": "Policy1608224885249",
    "Statement": [
        {
            "Sid": "Stmt1608226298927",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetBucketPolicy",
                "s3:GetBucketAcl",
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::bucket_name"
        }
    ]
}

If you are using actions like "s3:GetObject", "s3:DeleteObject", "s3:GetObject" etc. which are related to object, the resource attribute in policy should be mentioned as <"Resource": "arn:aws:s3:::bucket_name/*">.
ex.
{
  "Id": "Policy1608228066771",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1608228057071",
      "Action": [
        "s3:DeleteObject",
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucket_name/*",
      "Principal": "*"
    }
  ]
}

Finally if you are using actions like "s3:ListBucket", "s3:GetObject" etc. these actions are related to both bucket and object then the resource attribute in policy should be mentioned as <"Resource": ["arn:aws:s3:::bucket_name/*", "Resource": "arn:aws:s3:::bucket_name">.
ex.
{
    "Version": "2012-10-17",
    "Id": "Policy1608224885249",
    "Statement": [
        {
            "Sid": "Stmt1608226298927",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::bucket_name",
                "arn:aws:s3:::bucket_name/*"
            ]
        }
    ] }

    
             
                                                        
            
            
              
                
                0
              
                   
                
               讨论(0)
              
                                                  
              
              
                          
             
       
          
              
                                       
     查看其它11个回答


            
                         
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
                              			
        
        
        
          
            
            
              
              
            
    


                                 
              
            
                          
    

        
         
                验证码
                
                  
                
                
                   看不清?
                
              
                                  
                    
   
                 
             
              提交回复