AWS S3 存储桶策略 - 仅允许文件夹中的某些文件类型
AWS S3 Bucket Policy - Only Allow Certain File Types In Folder
我的存储桶中有一个特定文件夹,我想将其限制为仅某些文件类型。我目前有以下内容:
{
"Version": "2012-10-17",
"Id": "Policy1464968545158",
"Statement": [
{
"Sid": "Stmt1464968483619",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::my-bucket/my-folder/*"
]
"Condition": {
"StringNotEquals": {
"s3:prefix": ".txt",
"s3:prefix": ".doc"
}
},
}
]
}
我需要一些东西来替换 s3:prefix 这样系统就不会查看文件和路径的开头,而是查看结尾。我试过 s3:suffix,但这不是有效的 属性。
是否有 S3 属性 在文件名末尾进行通配符搜索,以便我可以仅将文件夹的某些文件类型列入白名单?
您应该可以使用通配符在 Resource 中定义它。如果您希望文件夹仅限于 .txt 和 .doc,请使用 Effect: Allow。
{
"Version": "2012-10-17",
"Id": "Policy1464968545158",
"Statement": [
{
"Sid": "Stmt1464968483619",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::my-bucket/my-folder/*.doc",
"arn:aws:s3:::my-bucket/my-folder/*.txt"
]
}
]
}
与使用Deny Effect的方法相同,您可以使用allow effect。两个例子如下:
只允许特定的,如果需要则拒绝特定的....
{
"Version": "2012-10-17",
"Id": "Policy1464968545158",
"Statement": [
{
"Sid": "Stmt1464968483619",
"Effect": "Allow",
"Principal": {
"AWS": "IAM-USER-ARN"
},
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::bucket-name/*.doc",
"arn:aws:s3:::bucket-name/*.txt"
]
},
{
"Sid": "Stmt1464968483619",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": [
"arn:aws:s3:::bucket-name/*.png",
"arn:aws:s3:::bucket-name/*.gif"
]
}
]
}
我的存储桶中有一个特定文件夹,我想将其限制为仅某些文件类型。我目前有以下内容:
{
"Version": "2012-10-17",
"Id": "Policy1464968545158",
"Statement": [
{
"Sid": "Stmt1464968483619",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::my-bucket/my-folder/*"
]
"Condition": {
"StringNotEquals": {
"s3:prefix": ".txt",
"s3:prefix": ".doc"
}
},
}
]
}
我需要一些东西来替换 s3:prefix 这样系统就不会查看文件和路径的开头,而是查看结尾。我试过 s3:suffix,但这不是有效的 属性。
是否有 S3 属性 在文件名末尾进行通配符搜索,以便我可以仅将文件夹的某些文件类型列入白名单?
您应该可以使用通配符在 Resource 中定义它。如果您希望文件夹仅限于 .txt 和 .doc,请使用 Effect: Allow。
{
"Version": "2012-10-17",
"Id": "Policy1464968545158",
"Statement": [
{
"Sid": "Stmt1464968483619",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::my-bucket/my-folder/*.doc",
"arn:aws:s3:::my-bucket/my-folder/*.txt"
]
}
]
}
与使用Deny Effect的方法相同,您可以使用allow effect。两个例子如下:
只允许特定的,如果需要则拒绝特定的....
{
"Version": "2012-10-17",
"Id": "Policy1464968545158",
"Statement": [
{
"Sid": "Stmt1464968483619",
"Effect": "Allow",
"Principal": {
"AWS": "IAM-USER-ARN"
},
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::bucket-name/*.doc",
"arn:aws:s3:::bucket-name/*.txt"
]
},
{
"Sid": "Stmt1464968483619",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"NotResource": [
"arn:aws:s3:::bucket-name/*.png",
"arn:aws:s3:::bucket-name/*.gif"
]
}
]
}