I have a policy that allows access to 1 bucket:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket",
                    "s3:GetBucketLocation"
                ],
                "Resource": "arn:aws:s3:::MYBUCKETNAME"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject"
                ],
                "Resource": "arn:aws:s3:::MYBUCKETNAME/*"
            }
        ]
    }
I'm curious how I allow access to multiple buckets? I don't want to allow access to all buckets, however. Do I literally just double the 2 sub-sections of the "Statement" section?
Also the buckets I need to grant access to will have a pattern to their name, say something like this:
abc-xyz-client
Where client will always be something different. Is it easier to add some sort of wildcard access?
Solution
The Resource key's value can be an array of buckets.
e.g.
    "Resource": ["arn:aws:s3:::MYBUCKETNAME", "arn:aws:s3:::MYBUCKETNAME2"]
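The array form from the answer, applied to both statements of the question's policy and to its name pattern, as an added example that is not code from the original post. It goes beyond the answer by also accepting IAM resource wildcards (`*` and `?`). `build_policy`, `arn_matches` and `allowed` are hypothetical helper names, the bucket names are constructed, and the matcher is a simplified stand-in for IAM evaluation (Allow statements only, no Deny or conditions).

```python
import json
import re

BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"]        # bucket-level
OBJECT_ACTIONS = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]  # object-level
ARN_PREFIX = "arn:aws:s3:::"


def build_policy(bucket_names):
    """Grant the question's actions on each named bucket.

    Names may contain IAM wildcards (* and ?), e.g. "abc-xyz-*".
    """
    if not bucket_names:
        raise ValueError("at least one bucket name is required")
    for name in bucket_names:
        # A bare "*" would silently turn this into an all-buckets grant.
        if name in ("", "*") or "/" in name:
            raise ValueError(f"over-broad or malformed bucket name: {name!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Bucket actions need the bucket ARN itself ...
            {"Effect": "Allow", "Action": BUCKET_ACTIONS,
             "Resource": [ARN_PREFIX + n for n in bucket_names]},
            # ... object actions need the "/*" form of the same ARN.
            {"Effect": "Allow", "Action": OBJECT_ACTIONS,
             "Resource": [ARN_PREFIX + n + "/*" for n in bucket_names]},
        ],
    }


def arn_matches(pattern, arn):
    """IAM-style match: * is any run of characters, ? is exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, arn, flags=re.DOTALL) is not None


def allowed(policy, action, arn):
    """True if some Allow statement lists this action and matches this ARN."""
    return any(s["Effect"] == "Allow" and action in s["Action"]
               and any(arn_matches(p, arn) for p in s["Resource"])
               for s in policy["Statement"])


if __name__ == "__main__":
    print(json.dumps(build_policy(["abc-xyz-client1", "abc-xyz-client2"]), indent=2))
```

A pattern such as `abc-xyz-*` covers every current and future bucket whose name starts with that prefix, so the explicit list is the tighter grant.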