它是关于AWS-MediaStore服务的。
尝试在用户端添加策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSElementalMediaStoreGetAccess",
"Effect": "Allow",
"Action": "mediastore:GetObject",
"Resource": "*"
}
]
}
对于容器侧:
{
"Version" : "2012-10-17",
"Statement" : [ {
"Sid" : "MediaStorePostToSpecificPath",
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::CENSORED:root"
},
"Action" : "mediastore:PutObject",
"Resource" : "arn:aws:mediastore:eu-central-1:CENSORED:container/test/path1/*",
"Condition" : {
"Bool" : {
"aws:SecureTransport" : "true"
}
}
} ]
}
但是发布到Path1告诉我访问被拒绝。 是否可以设置可以将用户的 PutObject 提供给定义的文件夹的策略?
不知道为什么,但是经过几次尝试,这个配置开始正常工作: 用户:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSElementalMediaStore",
"Effect": "Allow",
"Action": [
"mediastore:GetObject"
],
"Resource": "*"
}
]
}
容器:
{
"Version" : "2012-10-17",
"Statement" : [ {
"Sid" : "MediaStoreAccess",
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::CENSORED:user/bot"
},
"Action" : "mediastore:PutObject",
"Resource" : "arn:aws:mediastore:eu-central-1:CENSORED:container/test/path1/*",
"Condition" : {
"Bool" : {
"aws:SecureTransport" : "true"
}
}
} ]
}
现在,用户bot只能将文件放在path1文件夹中。可能是我遇到了这个问题,因为政策适用得不是那么快......