How to add a statement to an existing S3 bucket policy using the aws cli
Problem description
Assuming I already have a policy attached to a bucket, along the lines of:
{
  "Version": "2012-10-17",
  "Id": "123",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": {
        "AWS": "arn:aws:iam::9876543211:someuser"
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ]
    }
  ]
}
I want to update this policy, so that I enforce SSL (i.e. I want the statement above to remain intact).
How can I use the aws cli so that my policy ends up looking like this:
{
  "Version": "2012-10-17",
  "Id": "123",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": {
        "AWS": "arn:aws:iam::9876543211:someuser"
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ]
    },
    {
      "Action": "s3:*",
      "Effect": "Deny",
      "Principal": "*",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "Bool": { "aws:SecureTransport": false }
      }
    }
  ]
}
Recommended answer
In case you want to attach/update an inline policy, you can use the aws iam put-role-policy command.
Usage:
# Write the inline policy document to a file
cat > policy-name.json << EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1572432380474",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
EOF
# Attach (or overwrite) the inline policy on the role
aws iam put-role-policy \
  --role-name "${ROLE_NAME}" \
  --policy-name policy-name \
  --policy-document file://policy-name.json
In case you want to update a managed policy, use the aws organizations update-policy command.
Usage:
# Single quotes keep the JSON's double quotes intact in the shell
aws organizations update-policy \
  --policy-id policy-id \
  --content '{
  "Version": "2012-10-17",
  "Id": "123",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": {
        "AWS": "arn:aws:iam::9876543211:someuser"
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ]
    },
    {
      "Action": "s3:*",
      "Effect": "Deny",
      "Principal": "*",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "Bool": { "aws:SecureTransport": false }
      }
    }
  ]
}'
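Added example (not part of the original question or answer): a bucket policy is read with aws s3api get-bucket-policy and written with aws s3api put-bucket-policy, and the write replaces the whole document, so keeping the existing statement intact means merging before writing back. This Python sketch does the merge step offline; the Sid "EnforceTLS" and the file name merged.json are assumptions.

```python
import copy
import json

# The statement the question wants appended (taken from the page); the Sid is
# an assumed label used only to detect an earlier run of this script.
TLS_STATEMENT = {
    "Sid": "EnforceTLS",
    "Action": "s3:*",
    "Effect": "Deny",
    "Principal": "*",
    "Resource": "arn:aws:s3:::my-bucket/*",
    "Condition": {"Bool": {"aws:SecureTransport": "false"}},
}


def add_statement(policy_json, statement=TLS_STATEMENT):
    """Return the policy JSON with `statement` appended, leaving others intact.

    policy_json is the text printed by
      aws s3api get-bucket-policy --bucket my-bucket --query Policy --output text
    or None/"" when the bucket has no policy yet.
    """
    if policy_json and policy_json.strip():
        policy = json.loads(policy_json)
    else:
        policy = {"Version": "2012-10-17", "Statement": []}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    # Idempotent: replace a previous copy (same Sid) instead of duplicating it.
    statements = [s for s in statements if s.get("Sid") != statement["Sid"]]
    statements.append(copy.deepcopy(statement))
    policy["Statement"] = statements
    return json.dumps(policy, indent=2)


# Constructed sample input: the existing policy from the question.
EXISTING = """{"Version": "2012-10-17", "Id": "123", "Statement": [
  {"Effect": "Deny",
   "Principal": {"AWS": "arn:aws:iam::9876543211:someuser"},
   "Action": "s3:*",
   "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]}]}"""

if __name__ == "__main__":
    # Save the output as merged.json, then write it back with:
    #   aws s3api put-bucket-policy --bucket my-bucket --policy file://merged.json
    print(add_statement(EXISTING))
```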