IAM JSON 策略元素:Statement - AWS Identity and Access Management

IAM JSON 策略元素:Statement

Statement 元素为策略的主要元素。该元素为必填项。Statement 元素可以包含一条语句或由单独语句组成的数组。每条单独的语句块必须用大括号 { } 括起来。对于多条语句,数组必须用方括号 [ ] 括起来。

"Statement": [{...},{...},{...}]

在下列示例所列举的策略中,在单一 Statement 元素内包含一个有三份声明的数组。(该策略允许您在 Amazon S3 控制台中访问您自己的“主文件夹”。) 该策略包含 aws:username 变量,在策略评估期间它将被替换为请求中的用户名称。有关更多信息,请参阅 简介

JSON
{
  "Version":"2012-10-17",		 	 	 
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket",
      "Condition": {"StringLike": {"s3:prefix": [
        "",
        "home/",
        "home/${aws:username}/"
      ]}}
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::amzn-s3-demo-bucket/home/${aws:username}",
        "arn:aws:s3:::amzn-s3-demo-bucket/home/${aws:username}/*"
      ]
    }
  ]
}