- 新しい順
- 投票が多い順
- コメントが多い順
I don't think so.
The only way to deny download is by denying the s3:GetObject action either on IAM Policies or S3 Bucket Policies.
You can then deny for specific user, group or role through IAM Policies by simpling attaching the policy to the identity you want to or in S3 Bucket Policies using the "Principal" keyword. You can yet combine these with specific conditions and deny only for a principal under specific conditions, but there is not a condition which evaluates if the operation is performed through console or cli or sdk or the API.
Check here for all s3 available conditions.
You could deny every identity which has console access from downloading files and provide them with a role to for them to use to donwload through CLI or SDK.
Hope this helps you, let me me know if I can still help.
関連するコンテンツ
- 質問済み 1年前
- AWS公式更新しました 3年前