DevOps
评论6,045字数 200阅读0分40秒阅读模式
配置策略
{
"Version": "2012-10-17",
"Id": "ExamplePolicy01",
"Statement": [
{
"Sid": "ExampleStatement01",
"Effect": "Allow",
"Action": [
"s3:getBucketVersioning",
"s3:ListAllMyBuckets",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketPolicyStatus",
"s3:GetBucketAcl",
"s3:ListAccessPoints"
],
"Resource": [
"arn:aws:s3:::*"
]
},
{
"Sid": "statement1",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::media.pplingo.com",
"arn:aws:s3:::media.pplingo.com/*",
"arn:aws:s3:::stage.media.pplingo.com",
"arn:aws:s3:::stage.media.pplingo.com/*",
"arn:aws:s3:::dev.media.pplingo.com",
"arn:aws:s3:::dev.media.pplingo.com/*",
"arn:aws:s3:::test.media.pplingo.com",
"arn:aws:s3:::test.media.pplingo.com/*"
]
}
]
}
保存策略
创建用户
添加s3策略
创建完成后,使用这个用户的key即可。
- 有个php服务,不知道是啥权限限制,使用这个策略解决报错问题。
只限制s3桶权限
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*",
"s3-object-lambda:*"
],
"Resource":
"arn:aws:s3:::media.1.com",
"arn:aws:s3:::media.1.com/*",
"arn:aws:s3:::stage.media.1.com",
"arn:aws:s3:::stage.media.1/*
]
}
]
}
继续阅读
评论