Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

AWS - SFTP - S3 - Role

0

Hi, I am planning to use AWS SFTP (AWS Transfer family). So, I have created the server with the S3 (Backend). I created an SFTP user and attached the S3 role to the users. In this role, do the following: Allow the user to access a specific S3 bucket. Once the user logged in, will find 3 directories (Public, Archive, and Error). I am looking for a role, that gives allow the users to delete files/folders under these 3 main folders. But, block the user deletes these 3 main folders. Can you advise?

Themen
SpeicherSicherheit, Identität & KonformitätManagement & UnternehmensführungMigration und Modernisierung
Tags
Amazon Simple Storage ServiceAWS Identity and Access ManagementAWS BefehlszeilenschnittstelleAWS Transfer FamilyIAM-Richtlinien
Sprache
English
rePost-User-2140084
gefragt vor einem Jahr316 Aufrufe
1 Antwort
0

Yes, you can create an IAM policy that allows the user to delete files and folders under the three specific directories, but denies the user from deleting the three main folders. Here's an example policy that you can modify to fit your specific requirements:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowDeletingUnderSpecificDirectories", "Effect": "Allow", "Action": [ "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteObjectTagging" ], "Resource": [ "arn:aws:s3:::<your-bucket>/Public/", "arn:aws:s3:::<your-bucket>/Archive/", "arn:aws:s3:::<your-bucket>/Error/" ] }, { "Sid": "DenyDeletingMainFolders", "Effect": "Deny", "Action": [ "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteBucketTagging", "s3:DeleteBucketAnalyticsConfiguration", "s3:DeleteBucketEncryption", "s3:DeleteBucketInventoryConfiguration", "s3:DeleteBucketLifecycle", "s3:DeleteBucketMetricsConfiguration", "s3:DeleteBucketReplication", "s3:DeleteBucketPublicAccessBlock", "s3:DeleteAccessPoint", "s3:DeleteJobTagging" ], "Resource": [ "arn:aws:s3:::<your-bucket>", "arn:aws:s3:::<your-bucket>/" ], "Condition": { "StringEquals": { "s3:prefix": [ "Public/", "Archive/", "Error/" ] } } } ] }

AWS
mishdane
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt