我有一个 s3 存储桶,我需要从 AWS 组织 ID 允许的存储桶策略。我还想为bucket-owner-full-control罐装 ACL 设置另一个条件。如何修改此现有存储桶策略以添加bucket-owner-full-control预设 ACL?桶策略不允许添加另一个StringEquals条件块。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowOrgToPutObjects",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:PutObject",
"s3:ListBucket",
],
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::my-bucket/*"
],
"Condition": {
"StringEquals": {
"aws:PrincipalOrgID": [
"o-xxxx1",
"o-xxxx2"
]
}
}
}
]
}由于策略中只能有一个StringEquals键,因此只需将所有条件放在同一个键下:
{
"Condition": {
"StringEquals": {
"aws:PrincipalOrgID": [
"o-xxxx1",
"o-xxxx2"
],
"condition2": "myValue"
}
}
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句