我如何上传文件到Amazon S3，而不列出桶

Question

我采用了棱角分明的前端与S3斗政策文件上传到S3：

{ 
    "Id": "Policy1499245520254", 
    "Version": "2012-10-17", 
    "Statement": [ 
    { 
     "Sid": "Stmt1499245493674", 
     "Action": [ 
     "s3:*" 
     ], 
     "Effect": "Allow", 
     "Resource": ["arn:aws:s3:::test-dev/*", 
       "arn:aws:s3:::test-dev"], 
     "Principal": "*" 
    } 
    ] 
} 

但是，如果我改变上述政策

{ 
    "Id": "Policy1499245520254", 
    "Version": "2012-10-17", 
    "Statement": [ 
    { 
     "Sid": "Stmt1499245493674", 
     "Action": [ 
     "s3:*" 
     ], 
     "Effect": "Allow", 
     "Resource": ["arn:aws:s3:::test-dev/*", 
       "arn:aws:s3:::test-dev"], 
     "Principal": "*" 
    }, 
    { 
     "Sid": "Stmt1499245517941", 
     "Action": [ 
     "s3:ListBucket" 
     ], 
     "Effect": "Deny", 
     "Resource": "arn:aws:s3:::test-dev", 
     "Principal": "*" 
    } 
    ] 
} 

在哪里我说：

{ 
     "Sid": "Stmt1499245517944", 
     "Action": [ 
     "s3:ListBucket" 
     ], 
     "Effect": "Deny", 
     "Resource": "arn:aws:s3:::test-dev", 
     "Principal": "*" 
} 

加入遗愿清单否认，上传失败。任何方式如何我可以上传文件没有列出桶。

Answer 1

{ 
    "Version": "2008-10-17", 
    "Statement": [ 
     { 
      "Sid": "", 
      "Effect": "Allow", 
      "Principal": { 
       "AWS": "*" 
      }, 
      "Action": [ 
       "s3:GetObject", 
       "s3:PutObject", 
       "s3:GetObjectACL", 
       "s3:PutObject", 
       "s3:PutObjectAcl", 
       "s3:PutObjectTagging", 
       "s3:PutObjectVersionAcl", 
       "s3:PutObjectVersionTagging" 
      ], 
      "Resource": [ 
       "arn:aws:s3:::test-dev", 
       "arn:aws:s3:::test-dev/*" 
      ] 
     } 
    ] 
} 

我解决了它，只是允许这些权限，显然这不需要桶列表，并解决了这个问题。

Answer 2

这是因为s3:ListBucket操作覆盖了GET Bucket (List Objects)和HEAD Bucket操作。该小桶操作确定桶存在并且您有权限访问它，它好像是叫上对象的任何行动（如s3:PutObject动作）前。见Specifying Permissions in a Policy。