如何为特定角色创建IAM策略并授予对s3bucket获取和放置操作的访问权限

编程问答 2022-06-08

问题描述

{
    "Version": "2012-10-17","Statement": [
        {
            "Effect": "Allow","Action": "s3:*","Resource": "*"
        }
    ]
}

这是我的amazons3fullaccess政策,但现在我只想授予获取删除权限,而不是完全访问权限

解决方法

您可以使用wildcards执行以下操作:

{
    "Version": "2012-10-17","Statement": [
        {
            "Effect": "Allow","Action": ["s3:put*","s3:delete*","s3:get*"],"Resource": "*"
        }
    ]
}

或者,如果您想更具体(好的做法!):

{
    "Version": "2012-10-17","Action": ["s3:putObject","s3:deleteObject","s3:getObject"],"Resource": "*"
        }
    ]
}
amazon-ec2amazon-iamamazon-s3amazon-web-servicesaws-policies