amazon-web-services - AWS S3 CloudFormation 只读权限

其中一种方法是使用 IAM 策略来实现相同的目的。

看看下面的代码。我们正在创建两种策略，一种用于读取，一种用于写入。一个用户被分配到读取和写入策略，另一个用户被分配只读取。

AWSTemplateFormatVersion: "2010-09-09"

Resources:
  s3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private

  S3ReadPolicy:
    Type: "AWS::IAM::Policy"
    Properties:
      PolicyName: "S3ReadPolicy"
      PolicyDocument:
        Statement:
          - Action: s3:GetObject
            Effect: Allow
            Resource: !Sub "arn:aws:s3:::${s3Bucket}/*"
          - Action: s3:ListBucket
            Effect: Allow
            Resource: !Sub "arn:aws:s3:::${s3Bucket}"
      Users:
        - Ref: User1
        - Ref: User2

  S3WritePolicy:
    Type: "AWS::IAM::Policy"
    Properties:
      PolicyName: "S3WritePolicy"
      PolicyDocument:
        Statement:
          - Action: s3:PutObject
            Effect: Allow
            Resource: !Sub "arn:aws:s3:::${s3Bucket}/*"
      Users:
        - Ref: User2        

  User1:
    Type: AWS::IAM::User

  User2:
    Type: AWS::IAM::User

  User1Key:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref "User1"

  User2Key:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref "User2"
Outputs:
  AccessKey:
    Value: !Ref "User1Key"
    Description: AWSAccessKeyId of User 1
  SecretKey:
    Value: !GetAtt [User1Key, SecretAccessKey]
    Description: AWSSecretAccessKey of User 1
  AccessKey2:
    Value: !Ref "User2Key"
    Description: AWSAccessKeyId of User 2
  SecretKey2:
    Value: !GetAtt [User2Key, SecretAccessKey]
    Description: AWSSecretAccessKey of User 2

希望这可以帮助