Tuesday, 23 December 2014

Amazon Web Services : Setting S3 policy to allow putObject and getObject but deny listBucket

I am using getObject and putObject requests on Amazon S3, and in creating a policy for access to the bucket I discovered that if I don't allow listBucket, I get an 'access denied' error.


The problem with this is that listBucket means a user can list the keys in a bucket and this presents a security threat.


Is it possible to allow getObject and putObject without allowing listBucket? Or is there a workaround for this?


Here is the policy:



{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt##",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::myBucket"
            ]
        },
        {
            "Sid": "Stmt##",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::myBucket/*"
            ]
        }
    ]
}
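
An added example (not part of the original post): a deliberately simplified model of IAM policy evaluation, run against the posted policy and against a copy with s3:ListBucket removed. It handles only Effect, Action and Resource with `*`/`?` wildcards (no Condition, Principal or NotAction); the object key and all helper names are constructed for illustration.

```python
import re

# Policy as posted; "Stmt##" is the post's own placeholder Sid.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Stmt##", "Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::myBucket"]},
    {"Sid": "Stmt##", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": ["arn:aws:s3:::myBucket/*"]},
]}
BUCKET = "arn:aws:s3:::myBucket"
OBJECT = "arn:aws:s3:::myBucket/reports/q4.csv"  # constructed sample key

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, flags=0):
    # Policy wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags | re.DOTALL) is not None

def evaluate(policy, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' (simplified model)."""
    decision = "ImplicitDeny"  # nothing matched: denied by default
    for st in _as_list(policy["Statement"]):
        # Action names are compared case-insensitively, resource ARNs exactly.
        hit = (any(_glob(a, action, re.IGNORECASE) for a in _as_list(st["Action"]))
               and any(_glob(r, resource) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit Deny overrides any Allow
        if hit:
            decision = "Allow"
    return decision

def without_action(policy, action):
    """Copy of the policy with `action` removed; emptied statements are dropped."""
    kept = []
    for st in _as_list(policy["Statement"]):
        actions = [a for a in _as_list(st["Action"]) if a.lower() != action.lower()]
        if actions:
            kept.append({**st, "Action": actions})
    return {**policy, "Statement": kept}

def decision_table(policy):
    checks = [("s3:ListBucket", BUCKET), ("s3:GetObject", OBJECT),
              ("s3:PutObject", OBJECT), ("s3:GetObject", BUCKET)]
    return {(a, r): evaluate(policy, a, r) for a, r in checks}

if __name__ == "__main__":
    for name, pol in [("as posted", POLICY),
                      ("ListBucket removed", without_action(POLICY, "s3:ListBucket"))]:
        print(name, decision_table(pol))
```

In this model, dropping the ListBucket statement leaves s3:GetObject and s3:PutObject allowed on object ARNs while listing falls back to the default deny. S3's documented behaviour is that a GetObject for a key that does not exist returns 403 Access Denied rather than 404 when the caller lacks s3:ListBucket.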



