更新时间:2023-11-24 19:07:16
As per Available Condition Keys, s3:ResourceTag is not available for S3 conditions.
可用于在Amazon S3访问策略中指定条件的预定义键可以分类如下:
The predefined keys available for specifying conditions in an Amazon S3 access policy can be classified as follows:
与对象标记和访问控制策略,可以使用 s3:ExistingObjectTag 条件键对每个对象进行访问控制.
As in Object Tagging and Access Control Policies, access control per object is possible with s3:ExistingObjectTag condition key.
以下权限策略授予用户读取对象的权限,但条件将读取权限限制为仅具有以下特定标记键和值的对象.
安全性 :公开
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::examplebucket/*",
"Principal": "*",
"Condition": { "StringEquals": {"s3:ExistingObjectTag/security": "public" } }
}
]
}