- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
Yes, you can create an IAM policy that allows the user to delete files and folders under the three specific directories, but denies the user from deleting the three main folders. Here's an example policy that you can modify to fit your specific requirements:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowDeletingUnderSpecificDirectories", "Effect": "Allow", "Action": [ "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteObjectTagging" ], "Resource": [ "arn:aws:s3:::<your-bucket>/Public/", "arn:aws:s3:::<your-bucket>/Archive/", "arn:aws:s3:::<your-bucket>/Error/" ] }, { "Sid": "DenyDeletingMainFolders", "Effect": "Deny", "Action": [ "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteBucketTagging", "s3:DeleteBucketAnalyticsConfiguration", "s3:DeleteBucketEncryption", "s3:DeleteBucketInventoryConfiguration", "s3:DeleteBucketLifecycle", "s3:DeleteBucketMetricsConfiguration", "s3:DeleteBucketReplication", "s3:DeleteBucketPublicAccessBlock", "s3:DeleteAccessPoint", "s3:DeleteJobTagging" ], "Resource": [ "arn:aws:s3:::<your-bucket>", "arn:aws:s3:::<your-bucket>/" ], "Condition": { "StringEquals": { "s3:prefix": [ "Public/", "Archive/", "Error/" ] } } } ] }
Contenuto pertinente
AWS UFFICIALEAggiornata 2 anni fa- AWS UFFICIALEAggiornata 3 anni fa