适用于SQS的AWS IAM策略(AWS IAM policy for SQS)
我正在尝试向现有的iam用户添加一个策略,该用户可以在两个s3存储桶中执行crud,这是当前的工作策略
{ "Version": "2012-10-17", "Statement": [ { "Sid": "devcontrol", "Effect": "Allow", "Action": [ "s3:Get*", "s3:Put*", "s3:DeleteObject", "s3:DeleteObjectVersion" ], "Resource": [ "arn:aws:s3:::blahimages/*", "arn:aws:s3:::blahvideos/*" ] } ] }
来自sqs文档的示例策略是这样的
{ "Version": "2012-10-17", "Statement":[{ "Effect":"Allow", "Action":"sqs:*", "Resource":"arn:aws:sqs:*:123456789012:bob_queue*" } ] }
所以我尝试了这个
{ "Version": "2012-10-17", "Statement": [ { "Sid": "devcontrol", "Effect": "Allow", "Action": [ "s3:Get*", "s3:Put*", "s3:DeleteObject", "s3:DeleteObjectVersion" ], "Resource": [ "arn:aws:s3:::blahimages/*", "arn:aws:s3:::blahvideos/*" ] }, { "Effect":"Allow", "Action":"sqs:*", "Resource":"arn:aws:sqs:*:myarn" } ] }
我没有得到任何分析错误,但模拟器仍然拒绝sqs队列
也真的,我只是希望这个用户能够将消息添加到队列中,接收并删除它们,而上述策略会添加所有我相信的操作
I am trying to add a policy to an existing iam user that can already perform crud on two s3 buckets here is the currently working policy
{ "Version": "2012-10-17", "Statement": [ { "Sid": "devcontrol", "Effect": "Allow", "Action": [ "s3:Get*", "s3:Put*", "s3:DeleteObject", "s3:DeleteObjectVersion" ], "Resource": [ "arn:aws:s3:::blahimages/*", "arn:aws:s3:::blahvideos/*" ] } ] }
An example policy from the documents for sqs is this
{ "Version": "2012-10-17", "Statement":[{ "Effect":"Allow", "Action":"sqs:*", "Resource":"arn:aws:sqs:*:123456789012:bob_queue*" } ] }
So I tried this
{ "Version": "2012-10-17", "Statement": [ { "Sid": "devcontrol", "Effect": "Allow", "Action": [ "s3:Get*", "s3:Put*", "s3:DeleteObject", "s3:DeleteObjectVersion" ], "Resource": [ "arn:aws:s3:::blahimages/*", "arn:aws:s3:::blahvideos/*" ] }, { "Effect":"Allow", "Action":"sqs:*", "Resource":"arn:aws:sqs:*:myarn" } ] }
I did not get any parse errors but the simulator was still returning denied for the sqs queue
Also really I just want this user to be able to add messages to the queue, receive them and delete them whereas the above policy would add all actions I believe
原文:https://stackoverflow.com/questions/22617042
最满意答案
wap.hackbase.com一般用手机是登不进去的
其他回答
手机用uc软件来登可以
www.hackervip.com 再看看别人怎么说的。