问题
Is it possible to create an IAM policy in AWS S3 such that a user or group can access only certain objects in an S3 buckets with a specific tag attached to it and all other objects with no tags or different tags in the bucket are not accessible?
回答1:
You can use s3:ExistingObjectTag/<tag-key>. Using this condition key, you can limit the permission to only on objects that have a specific tag key and value.
For more info: Specifying Conditions in a Policy - Amazon Simple Storage Service
来源:https://stackoverflow.com/questions/56707600/aws-s3-access-policy-with-object-tags