amazon-web-services - AWS S3 CloudFormation 只读权限
问题描述
我正在尝试创建两个用户并授予 user1 对 s3 存储桶的只读权限,我还需要授予 user2 读取和写入访问权限。这是我到目前为止所做的
AWSTemplateFormatVersion: "2010-09-09"
Resources:
s3Bucket:
Type: AWS::S3::Bucket
Properties:
AccessControl: Private
User1:
Type: AWS::IAM::User
User2:
Type: AWS::IAM::User
User1Key:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref 'User1'
User2Key:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref 'User2'
Outputs:
AccessKey:
Value: !Ref 'User1Key'
Description: AWSAccessKeyId of User 1
SecretKey:
Value: !GetAtt [User1Key, SecretAccessKey]
Description: AWSSecretAccessKey of User 1
AccessKey2:
Value: !Ref 'User2Key'
Description: AWSAccessKeyId of User 2
SecretKey2:
Value: !GetAtt [User2Key, SecretAccessKey]
Description: AWSSecretAccessKey of User 2
我不知道如何实现这个
解决方案
其中一种方法是使用 IAM 策略来实现相同的目的。
看看下面的代码。我们正在创建两种策略,一种用于读取,一种用于写入。一个用户被分配到读取和写入策略,另一个用户被分配只读取。
AWSTemplateFormatVersion: "2010-09-09"
Resources:
s3Bucket:
Type: AWS::S3::Bucket
Properties:
AccessControl: Private
S3ReadPolicy:
Type: "AWS::IAM::Policy"
Properties:
PolicyName: "S3ReadPolicy"
PolicyDocument:
Statement:
- Action: s3:GetObject
Effect: Allow
Resource: !Sub "arn:aws:s3:::${s3Bucket}/*"
- Action: s3:ListBucket
Effect: Allow
Resource: !Sub "arn:aws:s3:::${s3Bucket}"
Users:
- Ref: User1
- Ref: User2
S3WritePolicy:
Type: "AWS::IAM::Policy"
Properties:
PolicyName: "S3WritePolicy"
PolicyDocument:
Statement:
- Action: s3:PutObject
Effect: Allow
Resource: !Sub "arn:aws:s3:::${s3Bucket}/*"
Users:
- Ref: User2
User1:
Type: AWS::IAM::User
User2:
Type: AWS::IAM::User
User1Key:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref "User1"
User2Key:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref "User2"
Outputs:
AccessKey:
Value: !Ref "User1Key"
Description: AWSAccessKeyId of User 1
SecretKey:
Value: !GetAtt [User1Key, SecretAccessKey]
Description: AWSSecretAccessKey of User 1
AccessKey2:
Value: !Ref "User2Key"
Description: AWSAccessKeyId of User 2
SecretKey2:
Value: !GetAtt [User2Key, SecretAccessKey]
Description: AWSSecretAccessKey of User 2
希望这可以帮助
推荐阅读
- angular - 如何将令牌参数添加到角度路线?
- audio - 多个过滤器语法的ffmpeg序列
- haskell - 有没有办法在编写类型签名的同时指定隐式参数的递归行为?
- javascript - 使用相同的格式
- javascript - 获取范围错误:nodejs ejs中的字符串长度无效
- python - 如何将文本文件加载到 pyqt5 列表小部件中?
- python - 根据groupby Python的第一个和最后一个值的条件创建一个新列
- android - 在 Android 上的 webview 中保持套接字连接打开
- javascript - 如何仅用一大块构建反应 js
- node.js - Socket.io 两次发出事件