当使用 JS SDK 上传到 s3 存储桶时,以下策略有效:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::foo/*"
]
}
]
}
但更细粒度和更安全
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::foo/*"
]
}
]
}
没有。上传对象是否需要一些额外的操作权限?
最佳答案
您的策略授予对象权限,而不是存储桶。这应该有效:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::foo/"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::foo/*"
]
}
]
}
请注意存储桶 (arn:aws:s3:::foo/
) 和对象 (arn:aws:s3:::foo/*
) 之间的区别.
关于amazon-web-services - 必须允许哪些策略操作才能将文件上传到 s3?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41243843/