Enforcing tags on S3 bucket creation

Posted 2025-02-12 12:14:37

I have been trying to create an IAM policy to enforce tagging for S3 resources.
The policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Deny",
            "Action": [
                "s3:CreateBucket"
            ],
            "Resource": "*",
            "Condition": {
                "Null": {
                    "aws:RequestTag/Tag1": "true"
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Deny",
            "Action": [
                "s3:CreateBucket"
            ],
            "Resource": "*",
            "Condition": {
                "Null": {
                    "aws:RequestTag/Tag2": "true"
                }
            }
        }
    ]
}

This condition works for the EC2 and EB, but here it fails with the following message:

[error message screenshot]

What is the error here, and what other permissions do I need to enforce tagging for S3 resources?

Sorry, I saw some questions similar to mine, but none really answers my question.


Comments (1)

驱逐舰岛风号 2025-02-19 12:14:37

The CreateBucket API doesn't support tags. They have to be added later via PutBucketTagging.

Consequently, you cannot enforce tags on creation, to the best of my knowledge. You could implement some reactive process, e.g. scan buckets periodically to ensure proper tagging.
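
The periodic scan suggested in the answer above, as an added example that is not part of the original post: it lists buckets and reports those missing the `Tag1`/`Tag2` keys from the question's policy. `FakeS3` and `FakeClientError` are constructed stand-ins so the audit runs offline, and treating a blank tag value as missing is an assumption.

```python
"""Periodic audit: report S3 buckets lacking the required tag keys."""
REQUIRED_TAGS = ("Tag1", "Tag2")  # tag keys from the policy in the question

def bucket_tags(s3, bucket):
    """Return a bucket's tags as a dict; an untagged bucket yields {}."""
    try:
        tag_set = s3.get_bucket_tagging(Bucket=bucket)["TagSet"]
    except Exception as exc:
        # boto3 raises ClientError with code NoSuchTagSet for untagged buckets.
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code != "NoSuchTagSet":
            raise  # e.g. AccessDenied must not be read as "no tags"
        return {}
    return {t["Key"]: t["Value"] for t in tag_set}

def find_untagged(s3, required=REQUIRED_TAGS):
    """Map bucket name -> required tag keys that are absent or blank."""
    findings = {}
    for name in (b["Name"] for b in s3.list_buckets()["Buckets"]):
        tags = bucket_tags(s3, name)
        # Assumption: a blank value counts as missing.
        missing = [k for k in required if not tags.get(k, "").strip()]
        if missing:
            findings[name] = missing
    return findings

class FakeClientError(Exception):
    """Constructed stand-in for botocore's ClientError."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class FakeS3:
    """Constructed stand-in for boto3.client("s3"); runs offline."""
    def __init__(self, buckets):
        self.buckets = buckets  # name -> tag dict, or an error code string
    def list_buckets(self):
        return {"Buckets": [{"Name": n} for n in self.buckets]}
    def get_bucket_tagging(self, Bucket):
        tags = self.buckets[Bucket]
        if isinstance(tags, str):
            raise FakeClientError(tags)
        return {"TagSet": [{"Key": k, "Value": v} for k, v in tags.items()]}

if __name__ == "__main__":
    sample = FakeS3({"logs": {"Tag1": "ops", "Tag2": "prod"},  # constructed data
                     "scratch": "NoSuchTagSet", "data": {"Tag1": "x", "Tag2": " "}})
    for name, missing in find_untagged(sample).items():
        print(f"{name}: missing {', '.join(missing)}")
```

With real credentials, call `find_untagged(boto3.client("s3"))`; the caller needs `s3:ListAllMyBuckets` and `s3:GetBucketTagging`.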
