0
我创建了一个组,我添加新用户到这个组以后,我创建了以下IAM策略:AWS-IAM:给访问单斗
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "arn:aws:s3:::*" }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation" ], "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME" }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME/*" } ] }
我从得到了上述政策:
http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_examples.html
基本上,我希望授予其权限只为一个特定的桶,但上述政策不起作用。用户仍然可以添加,删除,修改其他存储桶中的文件。
谢谢!