将非 public S3 存储桶设置为将新上传的密钥默认设置为 bucket-owner-full-control
Set a non public S3 bucket to have new uploaded keys default to bucket-owner-full-control
是否可以将所有新上传的密钥默认设置为特定存储桶以具有 bucket-owner-full-control acl 权限?
在文档中找不到这个。
您可以使用 S3 存储桶策略。
例如,允许特定主体(例如 IAM 用户)上传到存储桶但要求主体提供存储桶所有者完全控制 ACL:
{
"Statement":[
{
"Effect":"Allow",
"Principal":{ <principal here> },
"Action":"s3:PutObject",
"Resource":["arn:aws:s3:::mybucket/*"]
},
{
"Effect":"Deny",
"Principal":{ <principal here> },
"Action":"s3:PutObject",
"Resource":"arn:aws:s3:::mybucket/*",
"Condition": {
"StringNotEquals": {"s3:x-amz-acl":"bucket-owner-full-control"}
}
}
]
}
是否可以将所有新上传的密钥默认设置为特定存储桶以具有 bucket-owner-full-control acl 权限?
在文档中找不到这个。
您可以使用 S3 存储桶策略。
例如,允许特定主体(例如 IAM 用户)上传到存储桶但要求主体提供存储桶所有者完全控制 ACL:
{
"Statement":[
{
"Effect":"Allow",
"Principal":{ <principal here> },
"Action":"s3:PutObject",
"Resource":["arn:aws:s3:::mybucket/*"]
},
{
"Effect":"Deny",
"Principal":{ <principal here> },
"Action":"s3:PutObject",
"Resource":"arn:aws:s3:::mybucket/*",
"Condition": {
"StringNotEquals": {"s3:x-amz-acl":"bucket-owner-full-control"}
}
}
]
}