我找不到S3 BucketPolicy的示例,该示例仅允许EMR从中读取数据。 EMR将与S3在同一帐户中。有人有什么要分享的例子吗?
我想这会起作用。
{
"Id": "Policy1590853624822",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1590853089180",
"Action": "s3:*",
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::my-bucket/*"
],
"Principal": "*"
},
{
"Sid": "Stmt1590853616750",
"Action": "s3:*",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::my-bucket/*"
],
"Principal": {
"AWS": [
"arn:aws:elasticmapreduce:us-east-1:1234567890:cluster/*"
]
}
}
]
}
您可以创建自己的策略here in aws policy generator