我们正在使用Amazon S3服务和存储桶来存储我们的数据,现在我遇到了问题,一切正常,但我想限制只在存储桶内的几个表上删除对象权限,不知何故这不起作用:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1448899531000",
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:Put*",
"s3:List*"
],
"Resource": [
"*"
]
},
{
"Sid": "Stmt1461061827000",
"Effect": "Allow",
"Action": [
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::cf-templates-11e3g59cf34bh-eu-west-1/report_file_html/*",
"arn:aws:s3:::cf-templates-11e3g59cf34bh-eu-west-1/market_intelligence_result_sets/*"
]
}
]
}
我检查了ARN的存储桶,它被“arn:aws:s3 ::: cf-templates-11e3g59cf34bh-eu-west-1”视为已被删除,market_intelligence和report_file_html表也存在于存储桶中,所以我想限制删除对象仅对这些表执行操作,但是从我的PHP应用程序中,我收到403错误,拒绝删除对象的权限 .
使用Amazon IAM Policy Validator,这些规则成功验证,但随后使用aws CLI,在调用DeleteObject时出现访问被拒绝错误 .