2 Respuestas
- Más nuevo
- Más votos
- Más comentarios
1
Hi, in reviewing the JSON policy document that you provided, what you are seeing is expected.
The first Sid (Stmt1480515305000) allows the IAM user/role to list all of your buckets in the account and get their locations (e.g., AWS region). If you add the specific resource block that you use for the second Sid (Stmt1480515305002), you will restrict the bucket list to the one bucket that you want cyberduck to access. I've included my example below.
{
"Sid": "Stmt1480515305000",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::allowed-bucket"
]
}
respondido hace 2 años
0
Hello . thank you for your answer . i wasn't able to apply what you said . lets suppose the bucket i want to list is called bucket1 . how would the code look for that bucket . thank you
respondido hace 2 años
Contenido relevante
- OFICIAL DE AWSActualizada hace 3 años
- OFICIAL DE AWSActualizada hace 3 años