我是MinIO对象存储的新手。
我想创建一个只能读写x bucket的用户。
我使用默认的读写策略,但将资源编辑到我的bucket中,如下所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::test"
]
}
]
}
然后我将bucket访问策略设置为私有
这是我的bucket访问策略设置
完成后,我设置了用户的策略和bucket访问策略我在NodeJS+ExpressJS 中执行代码
var minioClient = new Minio.Client({
endPoint: MINIO.URL,
port: MINIO.PORT,
useSSL: false,
accessKey: MINIO.ACCES_KEY,
secretKey: MINIO.SECRET_KEY
});
const uploadFileStream = async (file) => {
const fileStream = fs.createReadStream(file.path);
var fileStat = fs.stat(file.path, function (e, stat) {
if (e) {
return console.log(e)
}
minioClient.putObject(MINIO.BUCKET_NAME, file.originalname, fileStream, stat.size, file.mimetype, function (e) {
if (e) {
return console.log(e)
}
console.log("Successfully uploaded the stream")
})
})
}访问密钥和密钥是使用用户服务帐户生成的,但当我触发uploadFileStream功能时,它显示错误,用户访问被拒绝
{
code: 'AccessDenied',
bucketname: 'test',
resource: '/test',
region: 'local-dev-1',
requestid: '16DDBD16DDDAE918',
hostid: '9b6e8e2d-b054-41b3-b0ee-5c86ade87200',
amzRequestid: null,
amzId2: null,
amzBucketRegion: null
}
我应该怎么做才能使bucket只能由MinIO中的特定用户写入和读取?
抱歉我英语不好。
我遇到了同样的问题,我将策略更改为允许访问指定的bucket
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::bucket/*", "arn:aws:s3:::bucket"
],
"Sid": "PolicyForBucket"
}
]
}