进入S3对应的存储桶,上面选项选权限,存储桶策略 -- 编辑,输入对应的policy。
完全控制,包含上传删除权限,policy如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "cross",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789:root"
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bucket",
"arn:aws:s3:::bucket/*"
]
}
]
}只读权限policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789:root"
},
"Action": "S3:ListBucket",
"Resource": "arn:aws:s3:::bucket",
"Condition": {}
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789:root"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket/*",
"Condition": {}
}
]
}其中:
arn:aws:iam::123456789:root --> 123456789替换为对方aws 账户id
arn:aws:s3:::bucket --> bucket替换为共享的S3存储桶名
然后对方账户下即可通过IAM或者Role访问这个S3