S3 Bucket action doesn't apply to any resources

Front-end | Unresolved | 11 answers | 674 views
无人及你 2021-01-30 09:55

I'm following the instructions from this answer to generate the following S3 bucket policy:

{
  "Id": "Policy1495981680273",
  "Version": "2012-10-17",
  …

11 answers
  •  别那么骄傲
    2021-01-30 10:20

    You can also configure ListBuckets for each folder, like so:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowSESPuts-1521238702575",
                "Effect": "Allow",
                "Principal": {
                    "Service": "ses.amazonaws.com"
                },
                "Action": "s3:PutObject",
                "Resource": "arn:aws:s3:::buckets.email/*",
                "Condition": {
                    "StringEquals": {
                        "aws:Referer": "[red]"
                    }
                }
            },
            {
                "Sid": "Stmt1586754972129",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::596322993031:user/[red]"
                },
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::buckets.email",
                "Condition": {
                    "StringEquals": {
                        "s3:delimiter": "/",
                        "s3:prefix": [
                            "",
                            "domain.co",
                            "domain.co/user"
                        ]
                    }
                }
            },
            {
                "Sid": "Stmt1586754972129-2",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::596322993031:user/[red]"
                },
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::buckets.email",
                "Condition": {
                    "StringLike": {
                        "s3:prefix": "domain.co/user/*"
                    }
                }
            },
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::596322993031:user/[red]"
                },
                "Action": [
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject"
                ],
                "Resource": "arn:aws:s3:::buckets.email/domain.co/user/*"
            }
        ]
    }
    

    These rules are used together with SES to receive an email, but allow an external user to view the files that were put in the bucket by SES. I followed the instructions from here: https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/

    Also, you must specify the prefix as domain.co/user/ WITH a slash at the end when using the SDK, otherwise you'll get access denied. Hope it helps anyone.
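The two s3:ListBucket statements in the answer above only grant listing for the exact prefixes named under StringEquals (and only when the request also sends delimiter "/"), or for any prefix matching "domain.co/user/*" under StringLike, which is why a plain SDK ListObjects call with prefix "domain.co/user" (no trailing slash, no delimiter) is denied while "domain.co/user/" is allowed. The following added example, which is not code from the answer or from AWS, is a deliberately simplified model of that evaluation: Allow statements only, no Deny, no policy variables, and only the StringEquals and StringLike operators. The bucket name, account ID and the redacted user ARN are copied from the posted policy; the Sids and the request contexts are constructed for illustration, and the model assumes s3:delimiter is absent from the request context whenever the call does not send a delimiter.

```python
from __future__ import annotations

import re

BUCKET_ARN = "arn:aws:s3:::buckets.email"
USER_ARN = "arn:aws:iam::596322993031:user/[red]"  # redacted on the page, kept as-is

# The two s3:ListBucket statements from the posted policy (Sids are made up here).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListFolderTree",
            "Effect": "Allow",
            "Principal": {"AWS": USER_ARN},
            "Action": "s3:ListBucket",
            "Resource": BUCKET_ARN,
            "Condition": {
                "StringEquals": {
                    "s3:delimiter": "/",
                    "s3:prefix": ["", "domain.co", "domain.co/user"],
                }
            },
        },
        {
            "Sid": "ListUserFolder",
            "Effect": "Allow",
            "Principal": {"AWS": USER_ARN},
            "Action": "s3:ListBucket",
            "Resource": BUCKET_ARN,
            "Condition": {"StringLike": {"s3:prefix": "domain.co/user/*"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _string_like(pattern: str, value: str) -> bool:
    # IAM StringLike: '*' matches any run of characters, '?' exactly one; case-sensitive.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None


OPERATORS = {
    "StringEquals": lambda pattern, value: pattern == value,
    "StringLike": _string_like,
}


def condition_matches(condition: dict, context: dict) -> bool:
    # Every operator/key pair must match; within one key, any of the listed values may match.
    # A key that is absent from the request context fails a (non-IfExists) condition.
    for operator, keys in condition.items():
        test = OPERATORS[operator]
        for key, patterns in keys.items():
            if key not in context:
                return False
            if not any(test(p, context[key]) for p in _as_list(patterns)):
                return False
    return True


def is_allowed(policy: dict, principal: str, action: str, resource: str, context: dict) -> bool:
    # Simplified: first matching Allow wins; explicit Deny is not modelled.
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if principal not in _as_list(stmt["Principal"].get("AWS", [])):
            continue
        if action not in _as_list(stmt["Action"]):
            continue
        if not any(_string_like(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if condition_matches(stmt.get("Condition", {}), context):
            return True
    return False


def can_list(prefix: str, delimiter: str | None = None) -> bool:
    # Model a ListObjects call by the redacted user: s3:prefix carries the Prefix
    # parameter, s3:delimiter is only present when the call sends a Delimiter.
    context = {"s3:prefix": prefix}
    if delimiter is not None:
        context["s3:delimiter"] = delimiter
    return is_allowed(POLICY, USER_ARN, "s3:ListBucket", BUCKET_ARN, context)


if __name__ == "__main__":
    for args in [("domain.co/user", "/"), ("domain.co/user",), ("domain.co/user/",),
                 ("domain.co/user/inbox/",), ("domain.co/other/",), ("", "/"), ("",)]:
        print(args, "->", "allowed" if can_list(*args) else "denied")
```

Running it shows the behaviour the answer describes: "domain.co/user" is allowed only when the delimiter "/" is sent as well, "domain.co/user/" and anything beneath it is allowed with or without a delimiter because "*" in StringLike also matches the empty string, and a root listing (prefix "") needs the delimiter. A real evaluation additionally applies explicit Deny statements and the identity-based policies of the caller, which this model leaves out.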
