Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

AWS - SFTP - S3 - Role

0

Hi, I am planning to use AWS SFTP (AWS Transfer family). So, I have created the server with the S3 (Backend). I created an SFTP user and attached the S3 role to the users. In this role, do the following: Allow the user to access a specific S3 bucket. Once the user logged in, will find 3 directories (Public, Archive, and Error). I am looking for a role, that gives allow the users to delete files/folders under these 3 main folders. But, block the user deletes these 3 main folders. Can you advise?

Temas
AlmacenamientoSeguridad, identidad y cumplimientoGestión y gobiernoMigración y modernización
Etiquetas
Amazon Simple Storage ServiceAWS Identity and Access ManagementAWS Command Line InterfaceAWS Transfer FamilyPolíticas de IAM
Idioma
English
rePost-User-2140084
preguntada hace un año316 visualizaciones
1 Respuesta
0

Yes, you can create an IAM policy that allows the user to delete files and folders under the three specific directories, but denies the user from deleting the three main folders. Here's an example policy that you can modify to fit your specific requirements:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowDeletingUnderSpecificDirectories", "Effect": "Allow", "Action": [ "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteObjectTagging" ], "Resource": [ "arn:aws:s3:::<your-bucket>/Public/", "arn:aws:s3:::<your-bucket>/Archive/", "arn:aws:s3:::<your-bucket>/Error/" ] }, { "Sid": "DenyDeletingMainFolders", "Effect": "Deny", "Action": [ "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteBucketTagging", "s3:DeleteBucketAnalyticsConfiguration", "s3:DeleteBucketEncryption", "s3:DeleteBucketInventoryConfiguration", "s3:DeleteBucketLifecycle", "s3:DeleteBucketMetricsConfiguration", "s3:DeleteBucketReplication", "s3:DeleteBucketPublicAccessBlock", "s3:DeleteAccessPoint", "s3:DeleteJobTagging" ], "Resource": [ "arn:aws:s3:::<your-bucket>", "arn:aws:s3:::<your-bucket>/" ], "Condition": { "StringEquals": { "s3:prefix": [ "Public/", "Archive/", "Error/" ] } } } ] }

AWS
mishdane
respondido hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante