本文介绍了django存储对s3 IAM用户需要哪些权限?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

问题是,锁定的s3 IAM用户成功使用django-storage的最低要求是多少?目前我已经使用了一些类似于

As the question asks, what are the minimum required permissions for a locked down s3 IAM user to use django-storages successfully? At the present time I've used something like

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListAllMyBuckets"],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket",
                 "s3:GetBucketLocation",
                 "s3:ListBucketMultipartUploads",
                 "s3:ListBucketVersions"],
      "Resource": "arn:aws:s3:::bucket-name"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:*Object*",
                 "s3:ListMultipartUploadParts",
                 "s3:AbortMultipartUpload"],
      "Resource": "arn:aws:s3:::bucket-name/*"
    }
  ]
}

其实可能是过度的。任何进一步的想法?

Which may actually be overkill. Any further ideas?

推荐答案

Fiver的答案不足以在django-storages中运行collectstatic。我使用jvc26做的一切,除了s3:ListAllMyBuckets。我会假设s3:ListBucketVersions也不需要。

Fiver's answer is not enough to run collectstatic in django-storages. I used everything jvc26 did except for s3:ListAllMyBuckets. I would assume s3:ListBucketVersions is not needed either.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket",
                 "s3:GetBucketLocation",
                 "s3:ListBucketMultipartUploads",
                 "s3:ListBucketVersions"],
      "Resource": "arn:aws:s3:::bucket-name"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:*Object*",
                 "s3:ListMultipartUploadParts",
                 "s3:AbortMultipartUpload"],
      "Resource": "arn:aws:s3:::bucket-name/*"
    }
  ]
}

这篇关于django存储对s3 IAM用户需要哪些权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-23 19:34