S3 bucket policy: make a bucket visible only to yourself


An S3 bucket policy that makes the bucket visible only to yourself: use an Allow statement to admit your own principal, then an explicit Deny for everyone else, which amounts to double insurance.

Analysis:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSpecificUser",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::ACCOUNT-ID:user/username"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET-NAME",
                "arn:aws:s3:::YOUR-BUCKET-NAME/*"
            ]
        },
        {
            "Sid": "ExplicitDenyAllOthers",
            "Effect": "Deny",
            "NotPrincipal": {
                "AWS": "arn:aws:iam::ACCOUNT-ID:user/username"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET-NAME",
                "arn:aws:s3:::YOUR-BUCKET-NAME/*"
            ]
        }
    ]
}
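An added Python example (not from the post) that builds this Allow-plus-Deny policy and runs a simplified IAM evaluation of it for several principals: the listed user is allowed, any other principal hits the explicit Deny, and without the Deny statement the other principal would only be implicitly denied. The account id, user name and bucket name are constructed placeholders, and the example also shows why the NotPrincipal list should include the account root ARN.

```python
import json

# Added example, not from the post. Account id, user name and bucket are
# constructed placeholders.
BUCKET = "example-bucket"
USER_ARN = "arn:aws:iam::111122223333:user/alice"
ROOT_ARN = "arn:aws:iam::111122223333:root"

def build_policy(bucket, allowed_arns):
    """Allow the listed principals, explicitly deny every other principal.

    Include the account root ARN as well: a Deny with NotPrincipal also hits
    the root user if root is not listed, locking the account owner out of the
    bucket's data.
    """
    resources = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowSpecificUser", "Effect": "Allow",
             "Principal": {"AWS": list(allowed_arns)},
             "Action": "s3:*", "Resource": resources},
            {"Sid": "ExplicitDenyAllOthers", "Effect": "Deny",
             "NotPrincipal": {"AWS": list(allowed_arns)},
             "Action": "s3:*", "Resource": resources},
        ],
    }

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _applies_to(statement, principal_arn):
    """Does this statement target the principal (Principal vs NotPrincipal)?"""
    if "Principal" in statement:
        return principal_arn in _as_list(statement["Principal"]["AWS"])
    return principal_arn not in _as_list(statement["NotPrincipal"]["AWS"])

def evaluate(policy, principal_arn):
    """Simplified IAM logic: explicit Deny wins over Allow; no match is an
    implicit deny. Action and Resource are assumed to match (s3:* on bucket)."""
    effects = {s["Effect"] for s in policy["Statement"] if _applies_to(s, principal_arn)}
    if "Deny" in effects:
        return "explicit_deny"
    return "allow" if "Allow" in effects else "implicit_deny"

if __name__ == "__main__":
    policy = build_policy(BUCKET, [USER_ARN, ROOT_ARN])
    print(json.dumps(policy, indent=2))
    for arn in (USER_ARN, ROOT_ARN, "arn:aws:iam::111122223333:user/bob"):
        print(arn, "->", evaluate(policy, arn))
```

The evaluator only models the Principal/NotPrincipal match, not conditions, identity-based policies or Action/Resource matching, so it illustrates the statement logic rather than replacing the IAM policy simulator.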

Author: AWS Learner
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit AWS Learner when reposting!