amazon-web-services - AWS S3 存储桶默认存储类
问题描述
我一直在尝试将我的一个存储桶中的默认存储类更改为使用 IAM 策略的一位用户的冰川,但不幸的是它不起作用。有人可以告诉我我做错了什么吗?每个上传的文件仍然使用标准存储类。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "statement1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::$MY_ACCOUNT_ID:user/backup"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::private-backup/*",
"Condition": {
"StringEquals": {
"s3:x-amz-storage-class": "GLACIER"
}
}
}
]
}
解决方案
如果您的用户或存储桶有其他允许此类上传的策略,您必须在策略中使用显式拒绝,不允许:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "statement1",
"Effect": "Deny",
"Principal": {
"AWS": "arn:aws:iam::$MY_ACCOUNT_ID:user/backup"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::private-backup/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-storage-class": "GLACIER"
}
}
}
]
}