1 Answer
0
It may be possible to do this by having a bucket policy that allows only those with a specific IAM role to manipulate tags.
If the server you are talking about is EC2, then IAM roles could be in effect to restrict it.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/tagging-and-policies.html
For example, you can set up a bucket policy as follows to allow tag operations only from EC2s using a specific IAM role.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:PutObjectTagging",
      "Resource": "arn:aws:s3:::S3-Bucket-Name/*",
      "Condition": {
        "StringLike": {
          "aws:userId": [
            "AROAxxxxxxxxxxxxxxVAI:*"
          ]
        }
      }
    }
  ]
}
"AROAxxxxxxxxxxxxxxxxxxxxVAI" can be checked with the following command.
aws iam get-role --role-name <IAM-Role-Name>
Thanks! My backend isn't EC2, I am using the SDK and ended up specifying tagging in both the Fields and Conditions of the PresignedPostOptions. Essentially I pass that to the createPresignedPost method. So far it's working for me.
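The approach described in the comment above, as an added example that is not the commenter's code: it builds the options object for createPresignedPost so the tag set is chosen by the server and signed into the POST policy. The helper names, bucket, key and tag values are constructed for illustration.

```javascript
// Added example; function names and sample values are hypothetical.

// Escape XML special characters so a tag key or value cannot break the document.
function xmlEscape(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&apos;");
}

// The POST form field "tagging" carries an S3 Tagging XML document.
function buildTaggingXml(tags) {
  const entries = Object.entries(tags);
  if (entries.length === 0 || entries.length > 10) {
    // S3 allows at most 10 tags per object; this helper also rejects an empty set.
    throw new RangeError("expected 1 to 10 tags");
  }
  const tagSet = entries
    .map(([k, v]) => `<Tag><Key>${xmlEscape(k)}</Key><Value>${xmlEscape(v)}</Value></Tag>`)
    .join("");
  return `<Tagging><TagSet>${tagSet}</TagSet></Tagging>`;
}

function buildPresignedPostOptions({ bucket, key, tags, maxBytes, expiresSeconds }) {
  const tagging = buildTaggingXml(tags);
  return {
    Bucket: bucket,
    Key: key,
    Expires: expiresSeconds,
    // Fields: values the client must send back in the upload form.
    Fields: { tagging },
    // Conditions: signed into the POST policy. The exact-match entry means an
    // upload whose "tagging" field differs from this value is rejected.
    Conditions: [{ tagging }, ["content-length-range", 1, maxBytes]],
  };
}

// Constructed sample input.
const exampleOptions = buildPresignedPostOptions({
  bucket: "example-bucket",
  key: "uploads/report.pdf",
  tags: { source: "web-upload", owner: "team<a>&b" },
  maxBytes: 5 * 1024 * 1024,
  expiresSeconds: 300,
});
// With @aws-sdk/s3-presigned-post: await createPresignedPost(s3Client, exampleOptions)
```
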