我的 s3 存储设置如下所示:
权限 > 存储桶策略
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket/*"
}
]
}
每个对象都是公共(public)的。
我有 3 个文件夹,并且想要添加一个新的私有(private)文件夹。我如何确保它是私有(private)的?
最佳答案
您必须使用名为 NotResource 的选项.
The NotResource element lets you grant or deny access to all but a few
of your resources, by allowing you to specify only those resources to
which your policy should not be applied.
因此,您应该使用 NotResource
,而不是 Resource
。
有了这个,您的
存储桶策略应该是:
{
"Sid": "AllowPublicReadWithPrivateFolder",
"Effect": "Allow",
"NotResource": "arn:aws:s3:::bucket/your_private_folder_path/*",
"Principal": {
"AWS": [
"*"
]
},
"Action": "s3:GetObject"
}
关于amazon-web-services - S3存储: Make a bucket folder private,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50366694/