有没有办法以某种方式将下面给出的 2 个 AWS IAM 策略语句简化为一个?
我想允许存储桶上的 ListBucket、GetBucketLocation、GetBucketPolicy、GetBucketACL 操作,以及位于存储桶内的主文件夹和子文件夹 1、2、3?
我有两个语句 - 一个允许对存储桶进行操作,另一个允许对主文件夹和子文件夹进行操作。由于两个语句中的 actions、Effect 和 Resource 是相同的,是否可以以某种方式编写单个语句?
谢谢,
约翰
"Statement": [
{
"Effect": "Allow",
"Sid": "AllowAccessToViewBucket",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetBucketACL"
],
"Resource": "arn:aws:s3:::bucket"
},
{
"Effect": "Allow",
"Sid": "AllowAccessToListFilesInAllFolders",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetBucketACL"
],
"Resource": "arn:aws:s3:::bucket",
"Condition": {
"StringEquals": {
"s3:prefix": [
"mainfolder",
"mainfolder/subfolder1",
"mainfolder/subfolder2",
"mainfolder/subfolder3"
],
"s3:delimiter": "/"
}
}
}
]
最佳答案
You can use a list of resources to combine these in to a single statement, like this
"Statement": [
{
"Effect": "Allow",
"Sid": "AllowAccessToViewBucket",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetBucketACL"
],
"Resource": ["arn:aws:s3:::bucket",
"arn:aws:s3:::bucket/mainfolder",
"arn:aws:s3:::bucket/mainfolder/subfolder1",
"arn:aws:s3:::bucket/mainfolder/subfolder2",
"arn:aws:s3:::bucket/mainfolder/subfolder3"
]
}
]
关于amazon-web-services - 简化多个 AWS S3 策略,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25118629/