feature: IAM Policies S3 Wasabi compatibles
parent
c56954a92a
commit
73185baeac
3 changed files with 47 additions and 0 deletions
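--- a/IAM/README.md
+++ b/IAM/README.md
@@ -0,0 +1,7 @@
+# IAM Policies
+
+Actually those policies are tested on Wasabi S3 account.
+
+## Limitations
+
+* The policy `user_allow_specific_bucket.json` doesn't allow console operations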
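--- a/IAM/user_allow_specific_bucket.json
+++ b/IAM/user_allow_specific_bucket.json
@@ -0,0 +1,15 @@
+{
+"Statement": [
+{
+"Resource": [
+"arn:aws:s3:::bucket-name/*",
+"arn:aws:s3:::bucket-name"
+],
+"Action": [
+"s3:*"
+],
+"Effect": "Allow"
+}
+],
+"Version": "2012-10-17"
+}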
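Review bot: The `"s3:*"` action in the single Allow statement grants every S3 operation on `bucket-name`, including bucket administration such as `s3:DeleteBucket`, `s3:PutBucketPolicy` and `s3:PutBucketAcl`, which a per-bucket user normally does not need. If the account is only meant to read and write objects, the action list could be narrowed to something like `"s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"`; the exact set depends on the client and should be confirmed against Wasabi. `bucket-name` looks like a placeholder, so the README should state that it must be replaced before the policy is attached.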
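--- a/IAM/user_deny_explicitly_all_excluding_bucket.json
+++ b/IAM/user_deny_explicitly_all_excluding_bucket.json
@@ -0,0 +1,25 @@
+{
+"Statement": [
+{
+"NotResource": [
+"arn:aws:s3:::bucket-name/*",
+"arn:aws:s3:::bucket-name"
+],
+"Action": [
+"s3:ListBucket",
+"s3:GetBucketLocation",
+"s3:ListBucketMultipartUploads"
+],
+"Effect": "Deny"
+},
+{
+"NotResource": [
+"arn:aws:s3:::bucket-name/*",
+"arn:aws:s3:::bucket-name"
+],
+"Action": "s3:*",
+"Effect": "Deny"
+}
+],
+"Version": "2012-10-17"
+}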
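Review bot: The first Deny statement (`s3:ListBucket`, `s3:GetBucketLocation`, `s3:ListBucketMultipartUploads`) is fully covered by the second one, which denies `"Action": "s3:*"` on the same `NotResource` list, so it can be dropped without changing the effect. The file contains only Deny statements, so on its own it grants nothing and has to be attached together with an Allow policy; that is worth stating in the README. Because the Deny matches every resource other than the two `bucket-name` ARNs, it probably also blocks account-wide calls such as `s3:ListAllMyBuckets`, which may contribute to the console limitation the README mentions; confirm this on Wasabi.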