一、介紹

通常我們在使用minio的時候，需要添加用戶，并且給用戶授予相應(yīng)桶的權(quán)限。本地主要介紹單獨給桶設(shè)置policy的相關(guān)權(quán)限（讀寫，只讀，只寫），同時給用戶賦予相應(yīng)的Policy。最終達到給用戶賦予某個桶獨立的讀寫、只讀、只寫權(quán)限。

a、添加policy

1、選擇IAM Policies菜單

2、創(chuàng)建Policy

3、輸入Policy的名字

4、輸入Policy的內(nèi)容，例子中的是讀寫權(quán)限，可以從文章的第二節(jié)中去復(fù)制內(nèi)容。

本文的二，三，四節(jié)是專門介紹單獨某個桶的讀寫，只讀，只寫權(quán)限的Policy設(shè)置的。使用的時候可以拷貝。

b、添加用戶并賦予policy權(quán)限

1、選擇用戶菜單

2、創(chuàng)建用戶

3、設(shè)置access key(程序中往往會使用)

4、設(shè)置secret key(程序中往往會使用)

5、為該用戶選擇policy?

?

二、獨立桶[IAM Policies]設(shè)置之readwrite

需要修改對應(yīng)的桶名字，本文列子中的桶名字為bucket-demo

總共有3處桶名字需要修改

?

?全量的代碼如下

{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"AWS": ["*"]},"Action": ["s3:GetBucketLocation","s3:ListBucketMultipartUploads"],"Resource": ["arn:aws:s3:::bucket-demo"]},{"Effect": "Allow","Principal": {"AWS": ["*"]},"Action": ["s3:ListBucket"],"Resource": ["arn:aws:s3:::bucket-demo"],"Condition": {"StringEquals": {"s3:prefix": ["*"]}}},{"Effect": "Allow","Principal": {"AWS": ["*"]},"Action": ["s3:GetObject","s3:ListMultipartUploadParts","s3:PutObject","s3:AbortMultipartUpload","s3:DeleteObject"],"Resource": ["arn:aws:s3:::bucket-demo/**"]}] }

三、獨立桶[IAM Policies]設(shè)置之readonly

需要修改3處桶的名字，下圖中用數(shù)字標(biāo)出了。

?

readonly的全量代碼

{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"AWS": ["*"]},"Action": ["s3:GetBucketLocation"],"Resource": ["arn:aws:s3:::bucket-demo"]},{"Effect": "Allow","Principal": {"AWS": ["*"]},"Action": ["s3:ListBucket"],"Resource": ["arn:aws:s3:::bucket-demo"],"Condition": {"StringEquals": {"s3:prefix": ["*"]}}},{"Effect": "Allow","Principal": {"AWS": ["*"]},"Action": ["s3:GetObject"],"Resource": ["arn:aws:s3:::bucket-demo/**"]}] }

?四、獨立桶[IAM Policies]設(shè)置之writeonly

有2處桶名字需要修改

?writeonly全量代碼

{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"AWS": ["*"]},"Action": ["s3:GetBucketLocation","s3:ListBucketMultipartUploads"],"Resource": ["arn:aws:s3:::bucket-demo"]},{"Effect": "Allow","Principal": {"AWS": ["*"]},"Action": ["s3:AbortMultipartUpload","s3:DeleteObject","s3:ListMultipartUploadParts","s3:PutObject"],"Resource": ["arn:aws:s3:::bucket-demo/**"]}] }

總結(jié)

以上是生活随笔為你收集整理的minio权限之IAM policy配置及用户赋权的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。