Комментарии:
Very Useful, thank you!
ОтветитьThanks for this amazing tutorial. I have a question for you with respect to the cross-account S3 bucket access. If the root user on account B has got access to the S3 bucket sitting on account A then will that make any role of account B access to this bucket (on account A) if the access was given on the role by account B
ОтветитьI get a principal error when trying to add a bucket policy which gives access to a bucket from a different amazon account and role on that account. The other person does not want to assume a role I created them in my iam they just want access from their account and role added directly on the bucket policy
Ответитьvery well explained. thanks
ОтветитьThanks for the tutorial. Really helped me a lot what I wanted to do. 👍
ОтветитьHello. I want to deny GetObject for all users in minio, but it doesn't work. Here is a bucket policy. {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::my-bucket/*"
]
}
]
} And user has readwrite policy. {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}.
thank you
ОтветитьVery nicely explained. Thanks for the effort you have put in making such videos.
ОтветитьSuper helpful resource thanks!! 😊
ОтветитьThank you! Very clear explanation.
ОтветитьOh Canada! Is there really a “zed” in “reZources”? 😊
ОтветитьThanks for this video.
ОтветитьVery clearly explained. ***
ОтветитьCool! nice tutorial thanks !
ОтветитьAwesome as always
ОтветитьI have a question, but first, very good. I was never told before that the principal field goes just with S3 policies.
On to the question, if we're allowed to act on a bucket, can't we operate on its objects as well? In your example you gave access to both bucket and objects.
Be A Better Dev: Daniel, this is so timely for me! On my current project, I'm literally in the middle of creating a lambda to trigger off of s3:CreateObject events which then invokes a step function! Love your explanations of AWS concepts, they're super clear and concise. ❤ AWS's IAM docs are hopeless. 😩
ОтветитьIf i give permission to s3 bucket in bucket policy to a user but no in IAM policy, can the user access the s3 bucket?
Ответить