1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
【以下的回答经过翻译处理】 大家好,我们通过下列脚本实现了需求(账户2的s3存储桶策略),只需将 123412341234 替换为发送流日志的帐户即可。例如:1234-1234-1234转123412341234
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSLogDeliveryWrite",
"Effect": "Allow",
"Principal": {
"Service": "delivery.logs.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::s3bucketname",
"arn:aws:s3:::s3bucketname/*"
],
"Condition": {
"StringEquals": {
"aws:SourceAccount": "123412341234",
"s3:x-amz-acl": "bucket-owner-full-control"
},
"ArnLike": {
"aws:SourceArn": "arn:aws:logs:ap-southeast-2:123412341234:*"
}
}
},
{
"Sid": "AWSLogDeliveryCheck",
"Effect": "Allow",
"Principal": {
"Service": "delivery.logs.amazonaws.com"
},
"Action": [
"s3:GetBucketAcl",
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::s3bucketname",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "123412341234"
},
"ArnLike": {
"aws:SourceArn": "arn:aws:logs:ap-southeast-2:123412341234:*"
}
}
}
]
}
Contenus pertinents
- demandé il y a 2 mois
- demandé il y a 4 mois
- demandé il y a 14 jours
- AWS OFFICIELA mis à jour il y a 9 mois
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 4 ans