本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# Amazon S3 的操作、资源和条件键
Amazon S3(服务前缀:`s3`)提供以下服务特定的资源、操作和条件上下文键以在 IAM 权限策略中使用。
参考:
+ 了解如何[配置该服务](https://docs.amazonaws.cn/AmazonS3/latest/userguide/Welcome.html)。
+ 查看[适用于该服务的 API 操作列表](https://docs.amazonaws.cn/AmazonS3/latest/API/)。
+ 了解如何[使用 IAM](https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-control-overview.html) 权限策略保护该服务及其资源。
**Topics**
+ [Amazon S3 定义的操作](#amazons3-actions-as-permissions)
+ [Amazon S3 定义的资源类型](#amazons3-resources-for-iam-policies)
+ [Amazon S3 的条件键](#amazons3-policy-keys)
## Amazon S3 定义的操作
您可以在 IAM 策略语句的 `Action` 元素中指定以下操作。可以使用策略授予在 Amazon中执行操作的权限。您在策略中使用一项操作时,通常使用相同的名称允许或拒绝对 API 操作或 CLI 命令的访问。但在某些情况下,单一动作可控制对多项操作的访问。还有某些操作需要多种不同的动作。
操作表的**访问级别**列描述如何对操作进行分类(列出、读取、权限管理或标记)。此分类可以帮助您了解当您在策略中使用操作时,相应操作授予的访问级别。有关访问级别的更多信息,请参阅[策略摘要中的访问级别](https://docs.amazonaws.cn/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html)。
操作表的**资源类型**列指示每项操作是否支持资源级权限。如果该列没有任何值,您必须在策略语句的 `Resource` 元素中指定策略应用的所有资源(“\$1”)。通过在 IAM policy 中使用条件来筛选访问权限,以控制是否可以在资源或请求中使用特定标签键。如果操作具有一个或多个必需资源,则调用方必须具有使用这些资源来使用该操作的权限。必需资源在表中以星号 (\$1) 表示。如果您在 IAM policy 中使用 `Resource` 元素限制资源访问权限,则必须为每种必需的资源类型添加 ARN 或模式。某些操作支持多种资源类型。如果资源类型是可选的(未指示为必需),则可以选择使用一种可选资源类型。
操作表的**条件键**列包括可以在策略语句的 `Condition` 元素中指定的键。有关与服务资源关联的条件键的更多信息,请参阅资源类型表的**条件键**列。
操作表的**依赖操作**列显示成功调用操作可能需要的其他权限。除了操作本身的权限以外,可能还需要这些权限。若某个操作指定依赖操作,则这些依赖关系可能适用于为该操作定义的其他资源,而不仅仅是表中列出的第一个资源。
**注意**
资源条件键在[资源类型](#amazons3-resources-for-iam-policies)表中列出。您可以在操作表的**资源类型(\$1 为必需)**列中找到应用于某项操作的资源类型的链接。资源类型表中的资源类型包括**条件密钥**列,这是应用于操作表中操作的资源条件键。
有关下表中各列的详细信息,请参阅[操作表](reference_policies_actions-resources-contextkeys.html#actions_table)。
****
[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/service-authorization/latest/reference/list_amazons3.html)
## Amazon S3 定义的资源类型
以下资源类型是由该服务定义的,可以在 IAM 权限策略语句的 `Resource` 元素中使用这些资源类型。[操作表](#amazons3-actions-as-permissions)中的每个操作指定了可以使用该操作指定的资源类型。您也可以在策略中包含条件键,从而定义资源类型。这些键显示在资源类型表的最后一列。有关下表中各列的详细信息,请参阅[资源类型表](reference_policies_actions-resources-contextkeys.html#resources_table)。
****
| 资源类型 | ARN | 条件键 |
| --- | --- | --- |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-points.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-points.html) | arn:\$1\$1Partition\$1:s3:\$1\$1Region\$1:\$1\$1Account\$1:accesspoint/\$1\$1AccessPointName\$1 | [#amazons3-aws_ResourceTag___TagKey_](#amazons3-aws_ResourceTag___TagKey_) [#amazons3-s3_AccessPointNetworkOrigin](#amazons3-s3_AccessPointNetworkOrigin) [#amazons3-s3_AccessPointTag___TagKey_](#amazons3-s3_AccessPointTag___TagKey_) [#amazons3-s3_DataAccessPointAccount](#amazons3-s3_DataAccessPointAccount) [#amazons3-s3_DataAccessPointArn](#amazons3-s3_DataAccessPointArn) |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-points.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-points.html) | arn:\$1\$1Partition\$1:s3:\$1\$1Region\$1:\$1\$1Account\$1:accesspoint/\$1\$1AccessPointName\$1/object/\$1\$1ObjectName\$1 | [#amazons3-aws_ResourceTag___TagKey_](#amazons3-aws_ResourceTag___TagKey_) [#amazons3-s3_AccessPointNetworkOrigin](#amazons3-s3_AccessPointNetworkOrigin) [#amazons3-s3_AccessPointTag___TagKey_](#amazons3-s3_AccessPointTag___TagKey_) [#amazons3-s3_BucketTag___TagKey_](#amazons3-s3_BucketTag___TagKey_) [#amazons3-s3_DataAccessPointAccount](#amazons3-s3_DataAccessPointAccount) [#amazons3-s3_DataAccessPointArn](#amazons3-s3_DataAccessPointArn) |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/UsingBucket.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/UsingBucket.html) | arn:\$1\$1Partition\$1:s3:::\$1\$1BucketName\$1 | [#amazons3-aws_ResourceTag___TagKey_](#amazons3-aws_ResourceTag___TagKey_) [#amazons3-s3_BucketTag___TagKey_](#amazons3-s3_BucketTag___TagKey_) |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/UsingObjects.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/UsingObjects.html) | arn:\$1\$1Partition\$1:s3:::\$1\$1BucketName\$1/\$1\$1ObjectName\$1 | [#amazons3-aws_ResourceTag___TagKey_](#amazons3-aws_ResourceTag___TagKey_) [#amazons3-s3_BucketTag___TagKey_](#amazons3-s3_BucketTag___TagKey_) |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-managing-jobs.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-managing-jobs.html) | arn:\$1\$1Partition\$1:s3:\$1\$1Region\$1:\$1\$1Account\$1:job/\$1\$1JobId\$1 | [#amazons3-aws_RequestTag___TagKey_](#amazons3-aws_RequestTag___TagKey_) [#amazons3-aws_ResourceTag___TagKey_](#amazons3-aws_ResourceTag___TagKey_) [#amazons3-aws_TagKeys](#amazons3-aws_TagKeys) |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/storage_lens.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/storage_lens.html) | arn:\$1\$1Partition\$1:s3:\$1\$1Region\$1:\$1\$1Account\$1:storage-lens/\$1\$1ConfigId\$1 | [#amazons3-aws_RequestTag___TagKey_](#amazons3-aws_RequestTag___TagKey_) [#amazons3-aws_ResourceTag___TagKey_](#amazons3-aws_ResourceTag___TagKey_) [#amazons3-aws_TagKeys](#amazons3-aws_TagKeys) |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/storage_lens_group.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/storage_lens_group.html) | arn:\$1\$1Partition\$1:s3:\$1\$1Region\$1:\$1\$1Account\$1:storage-lens-group/\$1\$1Name\$1 | [#amazons3-aws_RequestTag___TagKey_](#amazons3-aws_RequestTag___TagKey_) [#amazons3-aws_ResourceTag___TagKey_](#amazons3-aws_ResourceTag___TagKey_) [#amazons3-aws_TagKeys](#amazons3-aws_TagKeys) |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/transforming-objects.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/transforming-objects.html) | arn:\$1\$1Partition\$1:s3-object-lambda:\$1\$1Region\$1:\$1\$1Account\$1:accesspoint/\$1\$1AccessPointName\$1 | |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/MultiRegionAccessPointRequests.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/MultiRegionAccessPointRequests.html) | arn:\$1\$1Partition\$1:s3::\$1\$1Account\$1:accesspoint/\$1\$1AccessPointAlias\$1 | |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/MultiRegionAccessPointRequests.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/MultiRegionAccessPointRequests.html) | arn:\$1\$1Partition\$1:s3:us-west-2:\$1\$1Account\$1:async-request/mrap/\$1\$1Operation\$1/\$1\$1Token\$1 | |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-instance.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-instance.html) | arn:\$1\$1Partition\$1:s3:\$1\$1Region\$1:\$1\$1Account\$1:access-grants/default | [#amazons3-aws_RequestTag___TagKey_](#amazons3-aws_RequestTag___TagKey_) [#amazons3-aws_ResourceTag___TagKey_](#amazons3-aws_ResourceTag___TagKey_) [#amazons3-aws_TagKeys](#amazons3-aws_TagKeys) |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-location.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-location.html) | arn:\$1\$1Partition\$1:s3:\$1\$1Region\$1:\$1\$1Account\$1:access-grants/default/location/\$1\$1Token\$1 | [#amazons3-aws_RequestTag___TagKey_](#amazons3-aws_RequestTag___TagKey_) [#amazons3-aws_ResourceTag___TagKey_](#amazons3-aws_ResourceTag___TagKey_) [#amazons3-aws_TagKeys](#amazons3-aws_TagKeys) |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-grant.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-grant.html) | arn:\$1\$1Partition\$1:s3:\$1\$1Region\$1:\$1\$1Account\$1:access-grants/default/grant/\$1\$1Token\$1 | [#amazons3-aws_RequestTag___TagKey_](#amazons3-aws_RequestTag___TagKey_) [#amazons3-aws_ResourceTag___TagKey_](#amazons3-aws_ResourceTag___TagKey_) [#amazons3-aws_TagKeys](#amazons3-aws_TagKeys) |
## Amazon S3 的条件键
Amazon S3 定义以下可以在 IAM 策略的 `Condition` 元素中使用的条件键。您可以使用这些键进一步细化应用策略语句的条件。有关下表中各列的详细信息,请参阅[条件键表](reference_policies_actions-resources-contextkeys.html#context_keys_table)。
要查看适用于所有服务的全局条件键,请参阅 [Amazon 全局条件上下文键](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html)。
****
| 条件键 | 描述 | 类型 |
| --- | --- | --- |
| [https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag) | 按请求中传递的标签筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag) | 按与资源关联的标签筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys) | 按请求中传递的标签键筛选访问权限 | ArrayOfString |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-grant.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-grant.html) | 按访问权限授予授权的授权范围筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-instance.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-instance.html) | 按访问授权实例 ARN 筛选访问权限 | 进行筛选 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-location.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-grants-location.html) | 按访问权限授予位置的位置范围筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies](https://docs.amazonaws.cn/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies) | 按网络源(Internet 或 VPC)筛选访问 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-points.html#tagging-and-policies](https://docs.amazonaws.cn/AmazonS3/latest/userguide/access-points.html#tagging-and-policies) | 按现有接入点标签键和值筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/buckets-tagging.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/buckets-tagging.html) | 按与存储桶关联的标签筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies](https://docs.amazonaws.cn/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies) | 按拥有接入点的 Amazon 账户 ID 筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies](https://docs.amazonaws.cn/AmazonS3/latest/userguide/creating-access-points.html#access-points-policies) | 按接入点 Amazon Resource Name(ARN)筛选访问 | 进行筛选 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-job-tags-examples.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-job-tags-examples.html) | 按操作筛选访问权限以更新任务优先级 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-job-tags-examples.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-job-tags-examples.html) | 按优先级范围筛选访问权限以取消现有任务 | 数值 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies](https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies) | 按现有对象标签键和值筛选访问 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-s3-inventory-2](https://docs.amazonaws.cn/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-s3-inventory-2) | 通过限制用户在配置 S3 清单报告时可以添加的可选元数据字段来筛选访问权限 | ArrayOfString |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-job-tags-examples.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-job-tags-examples.html) | 按特定的任务暂停原因(例如,AWAITING\$1CONFIRMATION)筛选取消暂停的任务的访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/conditional-writes-enforce.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/conditional-writes-enforce.html) | 按操作是否创建对象筛选访问权限 | 布尔型 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-job-tags-examples.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-job-tags-examples.html) | 按操作筛选访问权限以创建任务 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-job-tags-examples.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/batch-ops-job-tags-examples.html) | 按优先级范围筛选访问权限以创建新任务 | 数值 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies](https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies) | 按要添加到对象的标签键和值筛选访问 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies](https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-tagging.html#tagging-and-policies) | 按要添加到对象的标签键筛选访问 | ArrayOfString |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#example-object-resource-account](https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#example-object-resource-account) | 按资源所有者 Amazon Web Services 账户 ID 筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#example-object-tls-version](https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#example-object-tls-version) | 按客户端使用的 TLS 版本筛选访问 | 数值 |
| [https://docs.amazonaws.cn/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html](https://docs.amazonaws.cn/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html) | 按身份验证方法筛选访问 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/walkthrough1.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/walkthrough1.html) | 按分隔符参数筛选访问 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/replication.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/replication.html) | 按特定复制目标区域筛选 FIS 操作的目标存储桶的访问权限 aws: Amazon s3: bucket-pause-replication | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/conditional-writes-enforce.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/conditional-writes-enforce.html) | 按请求的“If-Match”条件标头筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/conditional-writes-enforce.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/conditional-writes-enforce.html) | 按请求的“If-None-Match”条件标头筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/fis/latest/userguide/security_iam_id-based-policy-examples.html#security-iam-policy-examples-s3](https://docs.amazonaws.cn/fis/latest/userguide/security_iam_id-based-policy-examples.html#security-iam-policy-examples-s3) | 按通过 Amazon FIS 操作发出的请求筛选访问权限 aws: s3: bucket-pause-replication | 布尔型 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#condition-key-bucket-ops-1](https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#condition-key-bucket-ops-1) | 按特定区域筛选访问 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#example-numeric-condition-operators](https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#example-numeric-condition-operators) | 按 ListBucket 请求中返回的最大密钥数筛选访问权限 | 数值 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-legal-holds](https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-legal-holds) | 按对象合法保留状态筛选访问 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-retention-modes](https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-retention-modes) | 按对象保留模式(COMPLIANCE 或 GOVERNANCE)筛选访问 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-managing-retention-limits](https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-managing-retention-limits) | 按剩余对象保留天数筛选访问 | 数值 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-retention-periods](https://docs.amazonaws.cn/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-retention-periods) | 按对象保留截止日期筛选访问 | 日期 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#condition-key-bucket-ops-2](https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#condition-key-bucket-ops-2) | 按键名称前缀筛选访问 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html](https://docs.amazonaws.cn/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html) | 按请求签名的生存期(以毫秒为单位)筛选访问 | 数值 |
| [https://docs.amazonaws.cn/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html](https://docs.amazonaws.cn/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html) | 根据请求中使用的 Amazon 签名版本筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#getobjectversion-limit-access-to-specific-version-3](https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#getobjectversion-limit-access-to-specific-version-3) | 按特定对象版本筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions](https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions) | 通过请求 x-amz-acl标头中的预设 ACL 筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/gpbucketnamespaces.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/gpbucketnamespaces.html) | 按通用存储桶命名空间类型筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html](https://docs.amazonaws.cn/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html) | 按存储桶中未签名内容筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#putobject-limit-copy-source-3](https://docs.amazonaws.cn/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#putobject-limit-copy-source-3) | 按复制对象请求中的复制源存储桶、前缀或对象筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions](https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions) | 按 x-amz-grant-full-control(完全控制)标头筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions](https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions) | 按 x-amz-grant-read(读取访问权限)标头筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions](https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions) | 按 x-amz-grant-read-acp(ACL 的读取权限)标头筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions](https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions) | 按 x-amz-grant-write(写入权限)标头筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions](https://docs.amazonaws.cn/AmazonS3/latest/userguide/acl-overview.html#permissions) | 按 x-amz-grant-write-acp(ACL 的写入权限)标头筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/API/API_CopyObject.html](https://docs.amazonaws.cn/AmazonS3/latest/API/API_CopyObject.html) | 按复制对象时的对象元数据行为(COPY 或 REPLACE)来筛选访问 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/ensure-object-ownership.html#object-ownership-requiring-bucket-owner-enforced](https://docs.amazonaws.cn/AmazonS3/latest/userguide/ensure-object-ownership.html#object-ownership-requiring-bucket-owner-enforced) | 按对象所有权筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/UsingServerSideEncryption.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/UsingServerSideEncryption.html) | 通过服务器端加密来筛选访问 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/UsingKMSEncryption.html#require-sse-kms](https://docs.amazonaws.cn/AmazonS3/latest/userguide/UsingKMSEncryption.html#require-sse-kms) | 筛选 Amazon KMS 客户托管 CMK 的访问权限以进行服务器端加密 | 进行筛选 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html](https://docs.amazonaws.cn/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) | 按客户指定的服务器端加密算法筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/storage-class-intro.html#sc-howtoset](https://docs.amazonaws.cn/AmazonS3/latest/userguide/storage-class-intro.html#sc-howtoset) | 按存储类筛选访问权限 | 字符串 |
| [https://docs.amazonaws.cn/AmazonS3/latest/userguide/how-to-page-redirect.html#page-redirect-using-rest-api](https://docs.amazonaws.cn/AmazonS3/latest/userguide/how-to-page-redirect.html#page-redirect-using-rest-api) | 针对配置为静态网站的存储桶,按特定网站重定向位置筛选访问 | 字符串 |