網頁

2024/4/29

AWS IAM identity policy for mounting S3 bucket

將AWS S3 bucket掛載為檔案系統磁碟需要的IAM identity policy如下。


允許S3 actionListBucketGetObjectPutObjectDeleteObject;可存取的資源Resource為S3 bucket和下面的所有Objects。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "MountS3Bucket",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "<S3_ARN>",
                "<S3_ARN>/*"
            ]
        }
    ]
}

例如要掛載的bucket名稱為bucket-202404241830-001的ARN為arn:aws:s3:::bucket-202404241830-001,則policy設定如下:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "MountS3Bucket",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
            ],
            "Resource": [
                "arn:aws:s3:::bucket-202404241830-001",
                "arn:aws:s3:::bucket-202404241830-001/*"
            ]
        }
    ]
}

沒有留言:

張貼留言