我们正在使用Amazon S3服务和存储桶来存储我们的数据,现在我遇到了问题,一切正常,但我想限制只在存储桶内的几个表上删除对象权限,不知何故这不起作用:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1448899531000",
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:Put*",
                "s3:List*"
             ],
             "Resource": [
                 "*"
             ]
        },
        {
            "Sid": "Stmt1461061827000",
            "Effect": "Allow",
            "Action": [
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::cf-templates-11e3g59cf34bh-eu-west-1/report_file_html/*",
                "arn:aws:s3:::cf-templates-11e3g59cf34bh-eu-west-1/market_intelligence_result_sets/*"
            ]
        }
    ]
}

我检查了ARN的存储桶,它被“arn:aws:s3 ::: cf-templates-11e3g59cf34bh-eu-west-1”视为已被删除,market_intelligence和report_file_html表也存在于存储桶中,所以我想限制删除对象仅对这些表执行操作,但是从我的PHP应用程序中,我收到403错误,拒绝删除对象的权限 .

使用Amazon IAM Policy Validator,这些规则成功验证,但随后使用aws CLI,在调用DeleteObject时出现访问被拒绝错误 .

amazon-web-services amazon-s3 amazon-iam