我在我的水桶上尝试这些policy到console.aws.amazon.com:
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::itnighq",
"Condition": {}
},
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectAclVersion"
],
"Resource": "arn:aws:s3:::itnighq/*",
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
}
]
}
但我收到此错误消息: Policy has invalid action - s3:ListAllMyBuckets 它似乎不喜欢 "Resource": "*" ,我've also tried to use **arn:aws:s3:::****, but it doesn'也工作 .
有人有任何线索吗?
3 回答
正如zdev所提到的,你需要为IAM做这件事 . 转到IAM console并导航到用户>权限>内联策略>创建>自定义,然后输入:
我想通了自己 . 它需要在IAM中完成,而不是在S3本身...
@dnlbrky您需要通过为IAM用户/组/角色设置策略并通过使用适用于IAM用户/组的AWS控制台或通过调用put_ [role / user / group] _policy boto API调用来设置它 .