我想在有限的时间范围内与 IAM 用户(测试用户(共享我的存储桶(源存储桶(。AWS 是否提供任何存储桶策略,以便我可以在有限的时间范围内与 IAM 用户共享我的存储桶对象?
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegateS3Access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12345678910:user/testuser"
},
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::sourcebucket/*",
"arn:aws:s3:::sourcebucket"
]
}
]
}
AWS 是否提供任何存储桶策略,以便我可以在有限的时间范围内与 IAM 用户共享我的存储桶对象?
是的。
检查DateGreaterThan和DateLessThan条件以及aws:CurrentTime条件键。下面是一个示例,使用问题中的策略作为基础:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegateS3Access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12345678910:user/testuser"
},
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::sourcebucket/*",
"arn:aws:s3:::sourcebucket"
],
"Condition": {
"DateGreaterThan": {"aws:CurrentTime": "2020-04-01T00:00:00Z"},
"DateLessThan": {"aws:CurrentTime": "2020-06-30T23:59:59Z"}
}
}
]
}
以下是一些有用的链接:
AWS 全局条件上下文键:
aws:CurrentTimeAWS:允许在特定日期内访问