1. 程式人生 > >Use IAM Policies to Grant Access to User

Use IAM Policies to Grant Access to User

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowUserToSeeBucketListInTheConsole",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Sid": "AllowRootAndHomeListingOfCompanyBucket",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::my-company"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:prefix": [
                        "",
                        "home/"
                    ],
                    "s3:delimiter": [
                        "/"
                    ]
                }
            }
        },
        {
            "Sid": "AllowListingOfUserFolder",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::my-company"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "home/${aws:username}/*"
                    ]
                }
            }
        },
        {
            "Sid": "AllowAllS3ActionsInUserFolder",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::my-company/home/${aws:username}/*"
            ]
        }
    ]
}

相關推薦

Use IAM Policies to Grant Access to User

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowUserToSeeBucketListInTheConsole", "Action": [

DARPA to Grant $2B to AI Projects Over Next Five Years

DARPA stands for “Defense Advanced Research Projects Agency,” but while defense is good and all, what DARPA is really into is that

IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)

In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 fol

Apple VoiceOver iOS vulnerability permits hacker access to user photos

A vulnerability has been discovered in the Apple iOS VoiceOver feature which can be exploited by attackers to gain access to a victim's photos. As reported

rabbitmq windows 403, "ACCESS_REFUSED - access to queue 'xxx' in vhost '/' refused for user 'admin'

呼叫生產者,沒有任何錯誤發出,但是處於持續不能完成生產訊息操作,導致mysql連線數達到上千個,優化mysql timeout引數,仍然不能解決問題,百思不得解。 嘗試重置佇列,重建使用者,期間遇到因授權寫成'.*'(帶單引號)導致的標題所述錯誤。 最終發現c盤空間已滿,清除快取,建好使用者操作恢復正常。

【轉】How to create a new user and grant permissions in MySQL

MySQL is one of the most popular database management systems. In this tutorial we will cover the steps needed to create new MySQL user and grant permission

Use CloudFront Geo Restriction To Restrict Access From Geographic Regions

You can use the geo restriction feature, also known as geoblocking, to prevent users in specific geographic locations from accessing content th

Grant Secondary Access to an ECR Repository

To push or pull images to or from an ECR repository in another account, you must create a policy that allows the secondary account to perform t

Grant Internet Access to a VPC Lambda Function

If your Lambda function needs to access private VPC resources (for example, an Amazon RDS DB instance or Amazon EC2 instance), you must associa

Use IAM Roles to Restrict API Calls from Specific IP Addresses

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::account-id:user/&

Use IAM Tags to Restrict EC2 Instances or EBS Volumes

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowToDescribeAll", "Effect": "Allow",

Add New User Accounts with SSH Access to a Linux Instance

Retrieve the public key for your key pair Retrieve the public key for your key pair. Copy the public key, and then use the Linux c

Grant AD Users Access to AWS CLI using ADFS

[email protected]:~$ ./working_samlapi.py Username: [email protected] Password: *********** Please choose the role you wo

How to Rotate Access Keys for IAM Users

Changing access keys (which consist of an access key ID and a secret access key) on a regular schedule is a well-known security best practice beca

[Hibernate]Access to DialectResolutionInfo cannot be null when 'hibernate.dialect' not set

util create size dialect eat private 解決 代碼 ror 使用Hibernate官方文檔上的下面代碼進行測試時報出這個異常。 org.hibernate.HibernateException: Access to Dialect

You (root) are not allowed to access to (crontab) because of pam configuration

作業 cnblogs led 賬號密碼 pad .so normal access new 巡檢發現一臺Linux服務器上的作業沒有如期發送郵件,登錄服務器檢查後發現作業並沒有執行,於是檢查一下crontab的設置。結果發現如下錯誤: [[email pr

#錯誤處理#Error 1304: Error writing to file: Verify that you have access to that directory while upgrading ArcGIS Softwares

can window prot issue reason image necessary util however When upgrading ArcGIS Server 10.5 and Portal for ArcGIS 10.5 you may encounter

solr部署tomcat 訪問HTTP Status 403 – Access to the requested resource has been denied

height AC target win7 denied erl 重啟 出現 ora -----------解決403錯誤看這裏!!-----------打開****\Tomcat 8.5\webapps\solr\WEB-INF裏面的web.xml,把下面這段配置註釋掉!

Access to Image at 'file:///Users canvas本地圖片跨域報錯解決方案

本地服務 canvas 解決方案 圖片 報錯 訪問 can 支持 ESS 1、設置跨域 添加跨域條件 crossorigin="anonymous" 前提是後端支持這個圖片跨域 2、上面加了之後還是報錯   如標題所示  

除錯經驗——如何檢視Oracle自定義函式 (How to view definition of user defined functions in Oracle)

問題描述: 現有的Query中似乎使用了一個自定義函式String_to_list,為了排查問題,需要檢視這個函式的定義。 方法:   --新建的function,並未儲存在All_ojbects表中,而是儲存在user_objects表中 SELECT * FRO