feature: IAM Policies S3 Wasabi compatibles
parent
c56954a92a
commit
73185baeac
3 changed files with 47 additions and 0 deletions
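--- a/IAM/README.md
+++ b/IAM/README.md
@@ -0,0 +1,7 @@
+# IAM Policies
+
+Actually those policies are tested on Wasabi S3 account.
+
+## Limitations
+
+* The policy `user_allow_specific_bucket.json` doesn't allow console operations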
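--- a/IAM/user_allow_specific_bucket.json
+++ b/IAM/user_allow_specific_bucket.json
@@ -0,0 +1,15 @@
+{
+"Statement": [
+{
+"Resource": [
+"arn:aws:s3:::bucket-name/*",
+"arn:aws:s3:::bucket-name"
+],
+"Action": [
+"s3:*"
+],
+"Effect": "Allow"
+}
+],
+"Version": "2012-10-17"
+}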
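Review bot: The `"s3:*"` action in the Allow statement grants bucket-administration calls as well as object access, so a user holding this policy can delete `bucket-name` or rewrite its bucket policy and ACL (`s3:DeleteBucket`, `s3:PutBucketPolicy`, `s3:PutBucketAcl`), which includes opening the bucket to anonymous access. If the user only needs to read and write objects, list the actions explicitly, for example `"s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"`. Whether Wasabi evaluates each of these action names the same way as AWS is not shown on this page and should be confirmed in the test account.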
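--- a/IAM/user_deny_explicitly_all_excluding_bucket.json
+++ b/IAM/user_deny_explicitly_all_excluding_bucket.json
@@ -0,0 +1,25 @@
+{
+"Statement": [
+{
+"NotResource": [
+"arn:aws:s3:::bucket-name/*",
+"arn:aws:s3:::bucket-name"
+],
+"Action": [
+"s3:ListBucket",
+"s3:GetBucketLocation",
+"s3:ListBucketMultipartUploads"
+],
+"Effect": "Deny"
+},
+{
+"NotResource": [
+"arn:aws:s3:::bucket-name/*",
+"arn:aws:s3:::bucket-name"
+],
+"Action": "s3:*",
+"Effect": "Deny"
+}
+],
+"Version": "2012-10-17"
+}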
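Review bot: The first Deny statement is redundant, because the second one already denies `s3:*` on the same `NotResource` list and so covers `s3:ListBucket`, `s3:GetBucketLocation` and `s3:ListBucketMultipartUploads`; it can be dropped without changing the result. The file also contains only Deny statements and therefore grants nothing by itself: it has to be attached together with an Allow policy such as `user_allow_specific_bucket.json`, and the README should say so. The deny is limited to `s3:` actions, so it does not restrict any non-S3 permission the user may hold through other policies.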