amazon-web-services - AWS S3 CloudFormation 只读权限

标签 amazon-web-services amazon-s3 aws-lambda aws-cloudformation

我正在尝试创建两个用户并授予 user1 对 s3 存储桶的只读权限,我还需要授予 user2 读写访问权限。这是我到目前为止所做的事情

AWSTemplateFormatVersion: "2010-09-09"


Resources:
  s3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private

  User1:
    Type: AWS::IAM::User

  User2:
    Type: AWS::IAM::User

  User1Key:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref 'User1'

  User2Key:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref 'User2'
Outputs:
  AccessKey:
    Value: !Ref 'User1Key'
    Description: AWSAccessKeyId of User 1
  SecretKey:
    Value: !GetAtt [User1Key, SecretAccessKey]
    Description: AWSSecretAccessKey of User 1
  AccessKey2:
    Value: !Ref 'User2Key'
    Description: AWSAccessKeyId of User 2
  SecretKey2:
    Value: !GetAtt [User2Key, SecretAccessKey]
    Description: AWSSecretAccessKey of User 2

我不知道如何实现

最佳答案

其中一种方法是使用 IAM 策略来实现相同的目的。

看看下面的代码。我们正在创建两种策略,一种用于读取,一种用于写入。一个用户同时分配有读取和写入策略,另一用户仅分配有读取策略。 

AWSTemplateFormatVersion: "2010-09-09"

Resources:
  s3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private

  S3ReadPolicy:
    Type: "AWS::IAM::Policy"
    Properties:
      PolicyName: "S3ReadPolicy"
      PolicyDocument:
        Statement:
          - Action: s3:GetObject
            Effect: Allow
            Resource: !Sub "arn:aws:s3:::${s3Bucket}/*"
          - Action: s3:ListBucket
            Effect: Allow
            Resource: !Sub "arn:aws:s3:::${s3Bucket}"
      Users:
        - Ref: User1
        - Ref: User2

  S3WritePolicy:
    Type: "AWS::IAM::Policy"
    Properties:
      PolicyName: "S3WritePolicy"
      PolicyDocument:
        Statement:
          - Action: s3:PutObject
            Effect: Allow
            Resource: !Sub "arn:aws:s3:::${s3Bucket}/*"
      Users:
        - Ref: User2        

  User1:
    Type: AWS::IAM::User

  User2:
    Type: AWS::IAM::User

  User1Key:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref "User1"

  User2Key:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref "User2"
Outputs:
  AccessKey:
    Value: !Ref "User1Key"
    Description: AWSAccessKeyId of User 1
  SecretKey:
    Value: !GetAtt [User1Key, SecretAccessKey]
    Description: AWSSecretAccessKey of User 1
  AccessKey2:
    Value: !Ref "User2Key"
    Description: AWSAccessKeyId of User 2
  SecretKey2:
    Value: !GetAtt [User2Key, SecretAccessKey]
    Description: AWSSecretAccessKey of User 2

希望这有帮助

关于amazon-web-services - AWS S3 CloudFormation 只读权限,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59585116/

上一篇:amazon-ec2 - 将 SSM 参数设置为 EC2 的环境变量 - 不起作用

下一篇:amazon-web-services - 如何将ELB面向公众、私有(private)?

相关文章:

python - ec2 等待超时 [Python]

javascript - 用于静态网页的 AngularJS SEO(S3 CDN)

amazon-s3 - 如何授予 lambda 权限将文件上传到 `terraform` 中的 s3 存储桶?

amazon-web-services - 为什么 AWS Lambda 函数会为单个事件多次调用?

python - AWS S3 列表键以字符串开头

python - AWS lambda : Variable value from one execution is preserved and used by subsequent run

amazon-web-services - AWS - EC2、Beanstalk 和 LightSail 之间的具体区别是什么?

php - 使用产品广告 API 获取亚马逊评级星级和评级计数

php - 使用 Laravel 5.1 将文件上传到 S3 失败

amazon-web-services - AWS Kinesis 和 Lambda 数据版本控制

©2024 IT工具网  联系我们