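I have an S3 bucket with a bucket policy that needs to allow access by AWS organization ID. I also want to set another condition for the bucket-owner-full-control canned ACL. How can I modify this existing bucket policy to add the bucket-owner-full-control canned ACL? The bucket policy does not allow adding another StringEquals condition block.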
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowOrgToPutObjects",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:PutObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket",
                "arn:aws:s3:::my-bucket/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalOrgID": [
                        "o-xxxx1",
                        "o-xxxx2"
                    ]
                }
            }
        }
    ]
}
Reply from a uj5u.com user:
Since a policy can have only one StringEquals key, just put all the conditions under the same key:
{
    "Condition": {
        "StringEquals": {
            "aws:PrincipalOrgID": [
                "o-xxxx1",
                "o-xxxx2"
            ],
            "condition2": "myValue"
        }
    }
}
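Added example, not part of the original question or answer: keys listed under one StringEquals block are ANDed while the values of a single key are ORed, and because s3:x-amz-acl is only present on requests such as s3:PutObject, this sketch moves s3:ListBucket into its own statement. The statement split, the helper names and the simplified evaluator (no explicit denies, no resource matching) are assumptions made for illustration.

```python
import json

ORG_IDS = ["o-xxxx1", "o-xxxx2"]   # placeholder organization IDs from the question
BUCKET = "arn:aws:s3:::my-bucket"  # bucket ARN from the question

def build_policy():
    """Two statements, so the ACL condition is only required for s3:PutObject."""
    org = {"aws:PrincipalOrgID": ORG_IDS}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowOrgToListBucket", "Effect": "Allow", "Principal": "*",
             "Action": "s3:ListBucket", "Resource": BUCKET,
             "Condition": {"StringEquals": org}},
            {"Sid": "AllowOrgToPutObjects", "Effect": "Allow", "Principal": "*",
             "Action": "s3:PutObject", "Resource": BUCKET + "/*",
             "Condition": {"StringEquals": {
                 **org, "s3:x-amz-acl": "bucket-owner-full-control"}}},
        ],
    }

def string_equals(block, context):
    """Simplified StringEquals model: every key must match (AND), any listed
    value of a key may match (OR), and a key absent from the request fails."""
    for key, values in block.items():
        values = [values] if isinstance(values, str) else values
        if context.get(key) not in values:
            return False
    return True

def is_allowed(policy, action, context):
    """True if some Allow statement names the action and its condition matches."""
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else actions
        if action in actions and string_equals(
                stmt["Condition"]["StringEquals"], context):
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(build_policy(), indent=2))
```

Running the file prints the policy JSON; an upload then has to send the x-amz-acl: bucket-owner-full-control header to match the second statement.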
