- 최신
- 최다 투표
- 가장 많은 댓글
Yes, you can create an IAM policy that allows the user to delete files and folders under the three specific directories, but denies the user from deleting the three main folders. Here's an example policy that you can modify to fit your specific requirements:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowDeletingUnderSpecificDirectories", "Effect": "Allow", "Action": [ "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteObjectTagging" ], "Resource": [ "arn:aws:s3:::<your-bucket>/Public/", "arn:aws:s3:::<your-bucket>/Archive/", "arn:aws:s3:::<your-bucket>/Error/" ] }, { "Sid": "DenyDeletingMainFolders", "Effect": "Deny", "Action": [ "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteBucketTagging", "s3:DeleteBucketAnalyticsConfiguration", "s3:DeleteBucketEncryption", "s3:DeleteBucketInventoryConfiguration", "s3:DeleteBucketLifecycle", "s3:DeleteBucketMetricsConfiguration", "s3:DeleteBucketReplication", "s3:DeleteBucketPublicAccessBlock", "s3:DeleteAccessPoint", "s3:DeleteJobTagging" ], "Resource": [ "arn:aws:s3:::<your-bucket>", "arn:aws:s3:::<your-bucket>/" ], "Condition": { "StringEquals": { "s3:prefix": [ "Public/", "Archive/", "Error/" ] } } } ] }
