我有一组用户:user1和user2。理想情况下,他们应该有权在自己的存储桶中进行读取和写入。
我想给他们控制台访问权限,以便他们可以通过拖放登录和上传S3中的数据。
因此,我希望一个用户能够查看其他用户的存储桶。
我正在使用以下IAM策略:
{
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","action": [
"s3:ListBucket","s3:GetBucketLocation","s3:ListBucketMultipartUploads"
],"Resource": "arn:aws:s3:::user1_bucket","Condition": {}
},{
"Effect": "Allow","action": [
"s3:AbortMultipartUpload","s3:DeleteObject","s3:DeleteObjectVersion","s3:GetObject","s3:GetObjectAcl","s3:GetObjectVersion","s3:GetObjectVersionAcl","s3:PutObject","s3:PutObjectAcl","s3:PutObjectVersionAcl"
],"Resource": "arn:aws:s3:::user1_bucket/*","Condition": {}
}
]
}
但是它不会为用户显示任何存储桶。用户只能看到拒绝访问。 我试图在策略中添加主体:
{
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","Principal": {"AWS": "arn:aws:iam::9xxxxxxxxxx:user/user1"},"action": "s3:*","Resource": [
"arn:aws:s3:::user1_bucket"
]
}
]
}
这给出了一个错误。
This policy contains the following error: Has prohibited field Principal For more information about the IAM policy grammar,see AWS IAM Policies
我该怎么办?