Skip to content

Instantly share code, notes, and snippets.

@CodingPapi

CodingPapi/配置阿里云 sts,分配 list object 以及list bucket权限

Created July 28, 2018 13:04
Show Gist options
  • Save CodingPapi/3e550b711d0d58b4ebd4f1551fb4fc6c to your computer and use it in GitHub Desktop.
Save CodingPapi/3e550b711d0d58b4ebd4f1551fb4fc6c to your computer and use it in GitHub Desktop.
Download ZIP
配置阿里云 sts,分配 list object 以及list bucket权限
Raw
配置阿里云 sts,分配 list object 以及list bucket权限
仅为角色分配bucket的action oss:* 仍然无法list bucket中的objects
参考https://www.alibabacloud.com/help/zh/doc-detail/31867.htm
RAM和STS授权策略(Policy)配置
{
"Version": "1",
"Statement": [
{
"Action": [
"oss:GetBucketAcl",
"oss:ListObjects"
],
"Resource": [
"acs:oss:*:1775305056529849:mybucket"
],
"Effect": "Allow",
"Condition": {
"StringEquals": {
"acs:UserAgent": "java-sdk",
"oss:Prefix": "foo"
},
"IpAddress": {
"acs:SourceIp": "192.168.0.1"
}
}
},
{
"Action": [
"oss:PutObject",
"oss:GetObject",
"oss:DeleteObject"
],
"Resource": [
"acs:oss:*:1775305056529849:mybucket/file*"
],
"Effect": "Allow",
"Condition": {
"IpAddress": {
"acs:SourceIp": "192.168.0.1"
}
}
}
]
}
以及 https://segmentfault.com/a/1190000006962911 中最后的更新部分
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment