S3 Bucket action doesn't apply to any resources

前端 未结 11 675
无人及你
无人及你 2021-01-30 09:55

I\'m following the instructions from this answer to generate the follow S3 bucket policy:

{
  \"Id\": \"Policy1495981680273\",
  \"Version\": \"2012-10-17\",
  \         


        
11条回答
  •  醉梦人生
    2021-01-30 10:19

    Whenever you are trying to apply use bucket policies. Remember this thing, If you are using actions like "s3:ListBucket", "s3:GetBucketPolicy", "s3:GetBucketAcl" etc. which are related to bucket, the resource attribute in policy should be mentioned as <"Resource": "arn:aws:s3:::bucket_name">.

    Ex.

    {
        "Version": "2012-10-17",
        "Id": "Policy1608224885249",
        "Statement": [
            {
                "Sid": "Stmt1608226298927",
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "s3:GetBucketPolicy",
                    "s3:GetBucketAcl",
                    "s3:ListBucket"
                ],
                "Resource": "arn:aws:s3:::bucket_name"
            }
        ]
    }
    

    If you are using actions like "s3:GetObject", "s3:DeleteObject", "s3:GetObject" etc. which are related to object, the resource attribute in policy should be mentioned as <"Resource": "arn:aws:s3:::bucket_name/*">.

    ex.

    {
      "Id": "Policy1608228066771",
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1608228057071",
          "Action": [
            "s3:DeleteObject",
            "s3:GetObject"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::bucket_name/*",
          "Principal": "*"
        }
      ]
    }
    

    Finally if you are using actions like "s3:ListBucket", "s3:GetObject" etc. these actions are related to both bucket and object then the resource attribute in policy should be mentioned as <"Resource": ["arn:aws:s3:::bucket_name/*", "Resource": "arn:aws:s3:::bucket_name">.

    ex.

    {
        "Version": "2012-10-17",
        "Id": "Policy1608224885249",
        "Statement": [
            {
                "Sid": "Stmt1608226298927",
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "s3:ListBucket",
                    "s3:GetObject"
                ],
                "Resource": [
                    "arn:aws:s3:::bucket_name",
                    "arn:aws:s3:::bucket_name/*"
                ]
            }
        ] }
    

提交回复
热议问题