- 最新
- 最多得票
- 最多評論
I don't think so.
The only way to deny download is by denying the s3:GetObject action either on IAM Policies or S3 Bucket Policies.
You can then deny for specific user, group or role through IAM Policies by simpling attaching the policy to the identity you want to or in S3 Bucket Policies using the "Principal" keyword. You can yet combine these with specific conditions and deny only for a principal under specific conditions, but there is not a condition which evaluates if the operation is performed through console or cli or sdk or the API.
Check here for all s3 available conditions.
You could deny every identity which has console access from downloading files and provide them with a role to for them to use to donwload through CLI or SDK.
Hope this helps you, let me me know if I can still help.
相關內容
- 已提問 1 年前
- 已提問 7 個月前
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 4 年前