AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::S3::BucketPolicy

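The AWS::S3::BucketPolicy type applies an Amazon S3 bucket policy to an Amazon S3 bucket.

AWS::S3::BucketPolicy Snippet: Declaring an Amazon S3 Bucket Policy

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax: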

JSON

{
  "Type" : "AWS::S3::BucketPolicy",
  "Properties" : {
    "Bucket" : String,
    "PolicyDocument" : JSON
  }
}

YAML

Type: "AWS::S3::BucketPolicy"
Properties:
  Bucket: String
  PolicyDocument: JSON

Properties

Bucket

The Amazon S3 bucket that the policy applies to.

Required: Yes

Type: String

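You cannot update this property. If you want to add or remove a bucket from a bucket policy, you must modify your AWS CloudFormation template by creating a new bucket policy resource and removing the old one. Then use the modified template to update your AWS CloudFormation stack.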

PolicyDocument

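A policy document containing permissions to add to the specified bucket. For more information, see Access Policy Language Overview in the Amazon Simple Storage Service Developer Guide.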

Required: Yes

Type: JSON object

Update requires: No interruption

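Examples

Bucket policy that allows GET requests from specific referers

The following sample is a bucket policy that is attached to the myExampleBucket bucket and allows GET requests that originate from www.example.com and example.com: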

JSON

"SampleBucketPolicy" : {
  "Type" : "AWS::S3::BucketPolicy",
  "Properties" : {
    "Bucket" : {"Ref" : "myExampleBucket"},
    "PolicyDocument": {
      "Statement":[{
        "Action":["s3:GetObject"],
        "Effect":"Allow",
        "Resource": { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "myExampleBucket" } , "/*" ]]},
        "Principal":"*",
        "Condition":{
          "StringLike":{
            "aws:Referer":[
              "http://www.example.com/*",
              "http://example.com/*"
            ]
          }
        }
      }]
    }
  }
}

YAML

SampleBucketPolicy:
  Type: "AWS::S3::BucketPolicy"
  Properties:
    Bucket:
      Ref: "myExampleBucket"
    PolicyDocument:
      Statement:
        - Action:
            - "s3:GetObject"
          Effect: "Allow"
          Resource:
            Fn::Join:
              - ""
              - - "arn:aws:s3:::"
                - Ref: "myExampleBucket"
                - "/*"
          Principal: "*"
          Condition:
            StringLike:
              aws:Referer:
                - "http://www.example.com/*"
                - "http://example.com/*"
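The aws:Referer value in the policy above comes from the request's HTTP Referer header, which the client sets, so the condition limits hotlinking but does not authenticate callers. The following Python check is an added example, not part of the AWS guide: it flags AWS::S3::BucketPolicy statements in a template that allow any principal with no condition, or with only client-supplied header conditions. The names audit_template, CLIENT_SUPPLIED_KEYS and the helpers are hypothetical.

```python
import json

# Condition keys filled from client-supplied HTTP headers; any caller can set them.
CLIENT_SUPPLIED_KEYS = {"aws:referer", "aws:useragent"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    # Matches "Principal": "*" and forms such as {"AWS": "*"} or {"AWS": ["*"]}.
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"

def condition_keys(statement):
    # Condition key names are case-insensitive, so compare in lower case.
    return {key.lower() for operands in statement.get("Condition", {}).values()
            for key in operands}

def audit_template(template):
    """Return (logical_id, statement_index, reason) for each exposed Allow statement."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::BucketPolicy":
            continue
        document = resource.get("Properties", {}).get("PolicyDocument", {})
        for index, stmt in enumerate(as_list(document.get("Statement", []))):
            if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
                continue
            keys = condition_keys(stmt)
            if not keys:
                findings.append((logical_id, index, "anonymous access, no Condition"))
            elif keys <= CLIENT_SUPPLIED_KEYS:
                findings.append((logical_id, index, "anonymous access, header-only Condition"))
    return findings

# The page's SampleBucketPolicy, wrapped in a Resources section (wrapper constructed here).
SAMPLE = json.loads("""
{"Resources": {"SampleBucketPolicy": {"Type": "AWS::S3::BucketPolicy",
  "Properties": {
    "Bucket": {"Ref": "myExampleBucket"},
    "PolicyDocument": {"Statement": [{
      "Action": ["s3:GetObject"], "Effect": "Allow",
      "Resource": {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "myExampleBucket"}, "/*"]]},
      "Principal": "*",
      "Condition": {"StringLike": {"aws:Referer":
        ["http://www.example.com/*", "http://example.com/*"]}}}]}}}}}
""")
```

Calling audit_template(SAMPLE) reports statement 0 of SampleBucketPolicy as gated only by a header condition; a statement that also carries a condition the client cannot set, such as aws:SourceIp, is not reported.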
