minio权限之IAM policy配置及用户赋权
通常我们在使用minio的时候,需要添加用户,并且给用户授予相应桶的权限。本地主要介绍单独给桶设置policy的相关权限(读写,只读,只写),同时给用户赋予相应的Policy。最终达到给用户赋予某个桶独立的读写、只读、只写权限。...
·
一、介绍
通常我们在使用minio的时候,需要添加用户,并且给用户授予相应桶的权限。本地主要介绍单独给桶设置policy的相关权限(读写,只读,只写),同时给用户赋予相应的Policy。最终达到给用户赋予某个桶独立的读写、只读、只写权限。
a、添加policy
1、选择IAM Policies菜单
2、创建Policy
3、输入Policy的名字
4、输入Policy的内容,例子中的是读写权限,可以从文章的第二节中去复制内容。
本文的二,三,四节是专门介绍单独某个桶的读写,只读,只写权限的Policy设置的。使用的时候可以拷贝。
b、添加用户并赋予policy权限
1、选择用户菜单
2、创建用户
3、设置access key(程序中往往会使用)
4、设置secret key(程序中往往会使用)
5、为该用户选择policy
二、独立桶[IAM Policies]设置之readwrite
需要修改对应的桶名字,本文列子中的桶名字为bucket-demo
总共有3处桶名字需要修改
全量的代码如下
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::bucket-demo"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::bucket-demo"
],
"Condition": {
"StringEquals": {
"s3:prefix": [
"*"
]
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucket-demo/**"
]
}
]
}三、独立桶[IAM Policies]设置之readonly
需要修改3处桶的名字,下图中用数字标出了。
readonly的全量代码
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::bucket-demo"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::bucket-demo"
],
"Condition": {
"StringEquals": {
"s3:prefix": [
"*"
]
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::bucket-demo/**"
]
}
]
}四、独立桶[IAM Policies]设置之writeonly
有2处桶名字需要修改
writeonly全量代码
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::bucket-demo"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::bucket-demo/**"
]
}
]
}
有“AI”的1024 = 2048,欢迎大家加入2048 AI社区
更多推荐
6
0- 0
已为社区贡献1条内容
所有评论(0)