使用AWS re:Post即您表示您同意 AWS re:Post 使用条款
AWS re:Postre:Post

S3 bucket policy settings

0

want to protect all my objects in the bucket and my bucket should be publicly accessible through URL how can we do that and I want it in such a way that anyone can getobjects but only iam user can store the object i.e putobjects Please help me out for this configuration

主题
存储
标签
亚马逊简单存储服务 (S3)
语言
English
Gouda
已提问 8 个月前223 查看次数
1 回答
0
已接受的回答

Hi Gouda!

Organizing your scenario:

  1. Your bucket should be publicly accessible through a URL.
  2. Anyone can retrieve objects from the bucket.
  3. Only IAM users can upload (put) objects into the bucket.

You can use the following bucket policy to implement this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
        },
        {
            "Sid": "IAMPutObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::YOUR_AWS_ACCOUNT_ID:user/YOUR_IAM_USERNAME"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
        }
    ]
}

Make right replaces on policy.

Remember to attach the necessary S3 permissions to the IAM user's permissions policy to allow uploading objects.

I'll keep tracking your comments to see if you've found a resolution.

profile picture
Vitor Castellani
已回答 8 个月前
profile picture
专家
Gary Mclean
已审核 8 个月前
  • Gary Mclean 专家
    8 个月前

    Agree with the Get object. The PutObject, technically if its in the same account account, you could just use IAM Policies instead of using the bucket policy to grant access.

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容