S3 Express One Zone 目录存储桶策略示例
本节提供了与 Amazon S3 Express One Zone 存储类配合使用的目录存储桶策略示例。要使用这些策略,请将 user input
placeholders
以下示例存储桶策略允许 Amazon Web Services 账户 ID 111122223333ReadWrite 会话中使用 CreateSession API 操作。此策略授予对可用区端点(对象级)API 操作的访问权限。
例 – 允许通过默认 ReadWrite 会话执行 CreateSession 调用的存储桶策略
{ "Version": "2012-10-17", "Statement": [ { "Sid": "ReadWriteAccess", "Effect": "Allow", "Resource": "arn:aws:s3express:us-west-2:account-id:bucket/bucket-base-name--azid--x-s3", "Principal": { "AWS": [ "111122223333" ] }, "Action": [ "s3express:CreateSession" ] } ] }
例 – 允许通过 ReadOnly 会话执行 CreateSession 调用的存储桶策略
以下示例存储桶策略允许 Amazon Web Services 账户 ID 111122223333CreateSession API 操作。此策略使用 s3express:SessionMode 条件键以及 ReadOnly 值来设置只读会话。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "ReadOnlyAccess", "Effect": "Allow", "Principal": { "AWS": "111122223333" }, "Action": "s3express:CreateSession", "Resource": "*", "Condition": { "StringEquals": { "s3express:SessionMode": "ReadOnly" } } } ] }
例 – 允许 CreateSession 调用进行跨账户访问的存储桶策略
以下示例存储桶策略允许 Amazon Web Services 账户 ID 111122223333444455556666CreateSession API 操作。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "CrossAccount", "Effect": "Allow", "Principal": { "AWS": "111122223333" }, "Action": [ "s3express:CreateSession" ], "Resource": "arn:aws:s3express:us-west-2:444455556666:bucket/bucket-base-name--azid--x-s3" } ] }