- 最新
- 投票最多
- 评论最多
The following AWS official document contains a sample policy, which we hope will be helpful. [1]
[1] User policy examples - Amazon Simple Storage Service
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html#iam-policy-ex0
----- excerpt -----
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action": "s3:ListAllMyBuckets",
"Resource":"*"
},
{
"Effect":"Allow",
"Action":["s3:ListBucket","s3:GetBucketLocation"],
"Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET1"
},
{
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject"
],
"Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET1/*"
}
]
}
----- excerpt -----
If the IAM User already exists, you can make changes to the user from the IAM Management Console. You will want to check to see what access is already set for the User and remove any access that may allow them more access than you would like. The Access Advisor tab is helpful here.
Providing access to the target bucket can then be done in several ways. A direct option would be to use the "Add Inline Policy" link from the Permissions tab. From there you can use the policy example linked by @mn87 in the other answer as a template to get what you need. As you make tweaks to the policy, use the Access Advisor to ensure that their access is limited to what you want.
相关内容
- AWS 官方已更新 2 年前