在S3中,从特定的bucket中删除对象需要什么权限



我正在尝试为lambda角色创建IAM策略,该策略将授予删除对象的权限。如果我没有指定这个策略有效的资源,但我想将其限制在特定的bucket:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucketname/*",
"arn:aws:s3:::bucketname"
]
}
] }

我在这里错过了什么?

来自文档

{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":["s3:ListBucket","s3:GetBucketLocation"],
"Resource":"arn:aws:s3:::awsexamplebucket1"
},
{
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject"
],
"Resource":"arn:aws:s3:::awsexamplebucket1/*"
}
]
}

请确保您的lambda的IAM角色已设置了信任策略。

在我的情况下,我无法删除对象
但是可以上传对象。所以我在那之后更新了我的bucket策略,效果很好。

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::YourBucketName"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::YourBucketName/*"
}
]

}

相关内容

  • 没有找到相关文章

最新更新