使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

S3 bucket policy settings

0

want to protect all my objects in the bucket and my bucket should be publicly accessible through URL how can we do that and I want it in such a way that anyone can getobjects but only iam user can store the object i.e putobjects Please help me out for this configuration

主題
儲存空間
標籤
Amazon Simple Storage Service
語言
English
Gouda
已提問 8 個月前檢視次數 223 次
1 個回答
0
已接受的答案

Hi Gouda!

Organizing your scenario:

  1. Your bucket should be publicly accessible through a URL.
  2. Anyone can retrieve objects from the bucket.
  3. Only IAM users can upload (put) objects into the bucket.

You can use the following bucket policy to implement this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
        },
        {
            "Sid": "IAMPutObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::YOUR_AWS_ACCOUNT_ID:user/YOUR_IAM_USERNAME"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
        }
    ]
}

Make right replaces on policy.

Remember to attach the necessary S3 permissions to the IAM user's permissions policy to allow uploading objects.

I'll keep tracking your comments to see if you've found a resolution.

profile picture
Vitor Castellani
已回答 8 個月前
profile picture
專家
Gary Mclean
已審閱 8 個月前
  • Gary Mclean 專家
    8 個月前

    Agree with the Get object. The PutObject, technically if its in the same account account, you could just use IAM Policies instead of using the bucket policy to grant access.

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容