- 最新
- 最多得票
- 最多評論
Transfer Family's current permission model does not support your need for write only access (#2). Can you send me a message at yoonmsuh@amazon.com so I can better understand your use case and raise a PFR on your behalf? Thank you
Thank you!! I already sent email to you about the details request. Let us know, if you need any more information.
For write-only via Transfer Service, a workaround I've implemented is to use KMS encryption on the bucket, but only grant "encrypt" to the key for the role used.
While the IAM policy still has to have getobject permissions, the lack of "decrypt" on the key prevents downloading.
It would be nice if Transfer Service natively supported this. Without "GetObject" sftp users cannot list (despite having ListBucket), which we need.
相關內容
- 已提問 6 個月前
- AWS 官方已更新 3 年前
- AWS 官方已更新 3 年前