努力創建存儲桶策略以列出某些文件類型。具體來說,我想只允許訪問圖像類型。擴展白名單S3資源
我能創造一個黑名單策略,像這樣:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::[my_bucket]/*.exe"
],
"Principal": {
"AWS": "*"
}
}
]
}
白名單未遂#1:
問題:這允許所有類型的,不只是那些上市
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::[my_bucket]/*.jpg",
"arn:aws:s3:::[my_bucket]/*.png",
"arn:aws:s3:::[my_bucket]/*.gif",
],
"Principal": {
"AWS": "*"
}
}
]
}
WHITELIST ATTEMPT#2:
問題:這最終拒絕所有文件
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::[my_bucket]/*"
],
"Principal": {
"AWS": "*"
}
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::[my_bucket]/*.jpg",
"arn:aws:s3:::[my_bucket]/*.png",
"arn:aws:s3:::[my_bucket]/*.gif",
],
"Principal": {
"AWS": "*"
}
}
]
}
**任何**匹配的拒絕總是拒絕。允許不能否決拒絕。 –