2 Answers
1
You can use tags on the IAM users and on the buckets and then create a policy that allows access if the values of these tags are equal, using the same policy for each user. Something like this:
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": "*",
    "Condition": {
      "StringEquals": {
        "aws:ResourceTag/Owner": "${aws:PrincipalTag/Name}"
      }
    }
  }
}
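A local model of how the Condition in the policy above is evaluated, added here as an example (not part of the answer and not AWS code). It is a simplified simulation that handles only StringEquals and ${...} substitution; the function names and sample tags are assumptions. It shows which tag combinations fail to match.

```python
import re

# The Condition block from the answer's policy.
CONDITION = {"StringEquals": {"aws:ResourceTag/Owner": "${aws:PrincipalTag/Name}"}}

_VAR = re.compile(r"\$\{([^}]+)\}")


def resolve(value, context):
    """Substitute ${key} policy variables; return None if any key is absent."""
    missing = [k for k in _VAR.findall(value) if k not in context]
    if missing:
        return None  # unresolved variable: the condition cannot match
    return _VAR.sub(lambda m: context[m.group(1)], value)


def condition_matches(condition, context):
    """Evaluate a StringEquals-only Condition block against a request context."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise ValueError(f"operator not modelled: {operator}")
        for key, expected in pairs.items():
            wanted = resolve(expected, context)
            actual = context.get(key)
            # StringEquals is an exact, case-sensitive comparison, and a key
            # missing from the request context never matches.
            if wanted is None or actual is None or actual != wanted:
                return False
    return True


def request_context(user_tags, bucket_tags):
    """Build the (simplified) context keys the policy reads from both tag sets."""
    ctx = {f"aws:PrincipalTag/{k}": v for k, v in user_tags.items()}
    ctx.update({f"aws:ResourceTag/{k}": v for k, v in bucket_tags.items()})
    return ctx


# Constructed sample users and buckets.
CASES = {
    "owner": ({"Name": "alice"}, {"Owner": "alice"}),
    "other user's bucket": ({"Name": "bob"}, {"Owner": "alice"}),
    "case mismatch": ({"Name": "Alice"}, {"Owner": "alice"}),
    "untagged user": ({}, {"Owner": "alice"}),
    "untagged bucket": ({"Name": "alice"}, {}),
}

if __name__ == "__main__":
    for label, (user, bucket) in CASES.items():
        allowed = condition_matches(CONDITION, request_context(user, bucket))
        print(f"{label:22} -> {'Allow' if allowed else 'no match (implicit deny)'}")
```

Only the first case matches. With no other Allow statement in play, every other case ends in an implicit deny, which is the behaviour to confirm with real principals before relying on a shared policy like this.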
1
Hi, yes: you can have a single policy and use IAM conditions to allow to a given principal. Have a look at https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html and search for aws:PrincipalArn in this page to see examples.