2개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
You could add a condition that compares the Bucket account with the Principle's account. Something like:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1677693648738",
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::mybucket/*",
"Condition": {
"StringEquals": {
"s3:ResourceAccount": "${aws:PrincipalAccount}"
}
}
}
]
}
0
Hi
I replace ${aws:PrincipalAccount} with my accound ID and it's work like I need !
Thx
Best regards
Benoit
답변함 일 년 전