The Resource format for the policy of an AWS S3 bucket access point is:
arn:aws:s3:<REGION>:<ACCOUNT>:accesspoint/<ACCESS_POINT_NAME>/object/*
<REGION> - AWS region, for example ap-northeast-1.
<ACCOUNT> - AWS account number, for example 423456789012.
<ACCESS_POINT_NAME> - name of the access point.
For example, the policy below is for the access point my-access-point of a bucket in region ap-northeast-1 under account 423456789012. Its Resource is set to
arn:aws:s3:ap-northeast-1:423456789012:accesspoint/my-access-point/object/*
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowAllGetObject",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:ap-northeast-1:423456789012:accesspoint/my-access-point/object/*"
            }
        ]
    }
Note that the Resource formats for a bucket policy and an access point policy are different. The Resource format for a bucket policy is
arn:aws:s3:::<BUCKET_NAME>/*
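The following check is an added example, not part of the original post: it flags statements in an access point policy whose Resource uses the bucket policy format or names a different access point. The function names, the simplified region and name patterns, and the bucket name my-bucket are assumptions made for illustration.

```python
import json
import re

# Patterns follow the two Resource formats given on this page; the character
# classes for region and access point name are simplified assumptions.
ACCESS_POINT_OBJECT = re.compile(
    r"^arn:aws:s3:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):"
    r"accesspoint/(?P<name>[a-z0-9-]+)/object/.+$"
)
BUCKET_OBJECT = re.compile(r"^arn:aws:s3:::(?P<bucket>[^/]+)/.+$")

def classify_resource(arn):
    """Return which of the two Resource formats an ARN string follows."""
    if ACCESS_POINT_OBJECT.match(arn):
        return "access-point-object"
    if BUCKET_OBJECT.match(arn):
        return "bucket-object"
    return "other"

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_access_point_policy(policy_json, region, account, name):
    """Return (sid, resource, problem) for Resources that do not fit the access point.
    Statement and Resource may each be a single value or a list."""
    findings = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        for arn in as_list(stmt.get("Resource", [])):
            m = ACCESS_POINT_OBJECT.match(arn)
            if m is None:
                problem = "not access point format (" + classify_resource(arn) + ")"
            elif (m["region"], m["account"], m["name"]) != (region, account, name):
                problem = "names a different access point"
            else:
                continue
            findings.append((stmt.get("Sid"), arn, problem))
    return findings

# Constructed sample: the page's policy plus one statement that wrongly uses
# the bucket policy format (my-bucket is a made-up bucket name).
PAGE_ARN = "arn:aws:s3:ap-northeast-1:423456789012:accesspoint/my-access-point/object/*"
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowAllGetObject", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": PAGE_ARN},
    {"Sid": "WrongFormat", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/*"},
]})

if __name__ == "__main__":
    print(lint_access_point_policy(SAMPLE, "ap-northeast-1", "423456789012", "my-access-point"))
```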