2 réponses
- Le plus récent
- Le plus de votes
- La plupart des commentaires
1
Hi, in reviewing the JSON policy document that you provided, what you are seeing is expected.
The first Sid (Stmt1480515305000) allows the IAM user/role to list all of your buckets in the account and get their locations (e.g., AWS region). If you add the specific resource block that you use for the second Sid (Stmt1480515305002), you will restrict the bucket list to the one bucket that you want cyberduck to access. I've included my example below.
{
"Sid": "Stmt1480515305000",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::allowed-bucket"
]
}
répondu il y a 2 ans
0
Hello . thank you for your answer . i wasn't able to apply what you said . lets suppose the bucket i want to list is called bucket1 . how would the code look for that bucket . thank you
répondu il y a 2 ans
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 2 mois
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans