AWS: listing a user's folders in S3



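I am creating a C# application to view the folders and files stored in AWS S3, for use by the clients registered on my site.

Currently, I can create an IAM user and assign it permissions to a specific folder. But I ran into problems when I tried to view the folder and its contents. If I use the AWS access key and secret key, I can view the folder, but I would like to know whether there are user-level credentials that can be used to retrieve the folders the user has been granted permission to?

This is what I have so far.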

            Policy pl = GeneratePolicy(bucketName, foldername);
            Credentials creds = GetFederatedCredentials(pl, username);

            var sessionCredentials = new SessionAWSCredentials(creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken);
            using (var client = new AmazonS3Client(sessionCredentials, Amazon.RegionEndpoint.USEast1))
            {
                var response = client.ListObjects(request);
                foreach (var subFolder in response.CommonPrefixes)
                {
                    /* list the sub-folders */
                    Console.WriteLine(subFolder);
                }
                foreach (var file in response.S3Objects)
                {
                    /* list the files */
                }
            }

But I get an error on client.ListObjects(request): an Access Denied error.

Here is the GeneratePolicy code

    public static Policy GeneratePolicy(string bucket, string username)
    {
        var statement = new Statement(Statement.StatementEffect.Allow);
        // Allow access to the sub folder represented by the username in the bucket
        statement.Resources.Add(ResourceFactory.NewS3ObjectResource(bucket, username + "/*"));
        // Allow Get and Put object requests.
        statement.Actions = new List<ActionIdentifier>() { S3ActionIdentifiers.GetObject, S3ActionIdentifiers.PutObject };
        // Lock the requests coming from the client machine.
        //statement.Conditions.Add(ConditionFactory.NewIpAddressCondition(ipAddress));
        var policy = new Policy();
        policy.Statements.Add(statement);
        return policy;
    }

Here is the GetFederatedCredentials code

    public static Credentials GetFederatedCredentials(Policy policy, string username)
    {
        var request = new GetFederationTokenRequest()
        {
            Name = username,
            Policy = policy.ToJson()
        };
        var stsClient = new AmazonSecurityTokenServiceClient(AWS_ACCESS_KEY, AWS_SECRET_KEY, Amazon.RegionEndpoint.USEast1);
        var response = stsClient.GetFederationToken(request);
        return response.GetFederationTokenResult.Credentials;
    }

Any help would be greatly appreciated. Thanks in advance.

You should add "ListBucket" to statement.Actions.
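A least-privilege version of the session policy, as an added example that is not code from the question or the answer. It goes one step beyond the answer: s3:ListBucket is a bucket-level action, so it is granted in its own statement on the bucket ARN and limited to the user's prefix with an s3:prefix condition. The class and method names are hypothetical.

```csharp
using System.Collections.Generic;
using Amazon.Auth.AccessControlPolicy;
using Amazon.Auth.AccessControlPolicy.ActionIdentifiers;

public static class FolderPolicy
{
    // Hypothetical helper: builds the policy passed to GetFederationToken.
    public static Policy GenerateFolderPolicy(string bucket, string username)
    {
        string prefix = username + "/";

        // Object-level actions apply to object ARNs: arn:aws:s3:::bucket/username/*
        var objects = new Statement(Statement.StatementEffect.Allow);
        objects.Resources.Add(ResourceFactory.NewS3ObjectResource(bucket, prefix + "*"));
        objects.Actions = new List<ActionIdentifier>
        {
            S3ActionIdentifiers.GetObject,
            S3ActionIdentifiers.PutObject
        };

        // s3:ListBucket is evaluated against the bucket ARN (arn:aws:s3:::bucket),
        // so a statement scoped only to bucket/username/* never matches a listing call.
        var listing = new Statement(Statement.StatementEffect.Allow);
        listing.Resources.Add(ResourceFactory.NewS3BucketResource(bucket));
        listing.Actions = new List<ActionIdentifier>
        {
            new ActionIdentifier("s3:ListBucket")
        };

        // Allow listing only when the request's prefix is inside the user's folder,
        // so one customer cannot enumerate another customer's keys.
        listing.Conditions.Add(ConditionFactory.NewCondition(
            ConditionFactory.StringComparisonType.StringLike,
            "s3:prefix",
            prefix + "*"));

        var policy = new Policy();
        policy.Statements.Add(objects);
        policy.Statements.Add(listing);
        return policy;
    }
}
```

With this policy the ListObjects request has to set Prefix to the user's folder (username + "/"), since a listing without a matching prefix fails the condition and is denied. Federated credentials get the intersection of this policy and the permissions of the IAM user whose keys call GetFederationToken, so that user needs the same S3 permissions on the bucket.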
