- 新しい順
- 投票が多い順
- コメントが多い順
Transfer Family's current permission model does not support your need for write only access (#2). Can you send me a message at yoonmsuh@amazon.com so I can better understand your use case and raise a PFR on your behalf? Thank you
Thank you!! I already sent email to you about the details request. Let us know, if you need any more information.
For write-only via Transfer Service, a workaround I've implemented is to use KMS encryption on the bucket, but only grant "encrypt" to the key for the role used.
While the IAM policy still has to have getobject permissions, the lack of "decrypt" on the key prevents downloading.
It would be nice if Transfer Service natively supported this. Without "GetObject" sftp users cannot list (despite having ListBucket), which we need.
関連するコンテンツ
- AWS公式更新しました 3年前