檢視授權 - Amazon Simple Storage Service

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

檢視授權

您可以使用 Amazon S3 主控台、 AWS Command Line Interface (AWS CLI)API、Amazon S3 REST 和 ,在 Amazon S3Amazon S3 Access Grants 執行個體中檢視存取授予的詳細資訊 AWS SDKs。

檢視存取授權的詳細資訊

  1. 登入 AWS Management Console 並在 開啟 Amazon S3 主控台https://console.aws.amazon.com/s3/

  2. 在左側導覽窗格中,選擇 Access Grants

  3. S3 Access Grants 頁面上,選擇包含您要使用之 S3 Access Grants 執行個體的區域。

  4. 選擇執行個體的檢視詳細資訊

  5. 在詳細資訊頁面上,選擇授權索引標籤。

  6. 授權區段中,尋找您要檢視的存取授權。若要篩選授權清單,請使用搜尋方塊。

若要安裝 AWS CLI,請參閱 使用者指南 中的安裝 AWS CLIAWS Command Line Interface

若要使用下列範例命令,請將 user input placeholders 取代為您自己的資訊。

範例 – 取得存取授權的詳細資訊
aws s3control get-access-grant \
--account-id 111122223333 \
--access-grant-id a1b2c3d4-5678-90ab-cdef-EXAMPLE22222

回應:

{
    "CreatedAt": "2023-05-31T18:41:34.663000+00:00",
    "AccessGrantId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "AccessGrantArn": "arn:aws:s3:us-east-2:111122223333:access-grants/default/grant-a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "Grantee": {
        "GranteeType": "IAM",
        "GranteeIdentifier": "arn:aws:iam::111122223333:user/data-consumer-3"
    },
    "Permission": "READ",
    "AccessGrantsLocationId": "12a6710f-5af8-41f5-b035-0bc795bf1a2b",
    "AccessGrantsLocationConfiguration": {
        "S3SubPrefix": "prefixB*"
    },
    "GrantScope": "s3://amzn-s3-demo-bucket/"
}
範例 – 列出 S3 Access Grants 執行個體中的所有存取授權

您可以選擇性地使用下列參數,將結果限制為 S3 字首或 AWS Identity and Access Management (IAM) 身分:

  • 子字首--grant-scope s3://bucket-name/prefix*

  • IAM identity--grantee-type IAM--grantee-identifier arn:aws:iam::123456789000:role/accessGrantsConsumerRole

aws s3control list-access-grants \
--account-id 111122223333

回應:

{
    "AccessGrantsList": [{"CreatedAt": "2023-06-14T17:54:46.542000+00:00",
            "AccessGrantId": "dd8dd089-b224-4d82-95f6-975b4185bbaa",
            "AccessGrantArn": "arn:aws:s3:us-east-2:111122223333:access-grants/default/grant/dd8dd089-b224-4d82-95f6-975b4185bbaa",
            "Grantee": {
                "GranteeType": "IAM",
                "GranteeIdentifier": "arn:aws:iam::111122223333:user/data-consumer-3"
            },
            "Permission": "READ",
            "AccessGrantsLocationId": "23514a34-ea2e-4ddf-b425-d0d4bfcarda1",
            "GrantScope": "s3://amzn-s3-demo-bucket/prefixA*"
        },
        {"CreatedAt": "2023-06-24T17:54:46.542000+00:00",
            "AccessGrantId": "ee8ee089-b224-4d72-85f6-975b4185a1b2",
            "AccessGrantArn": "arn:aws:s3:us-east-2:111122223333:access-grants/default/grant/ee8ee089-b224-4d72-85f6-975b4185a1b2",
            "Grantee": {
                "GranteeType": "IAM",
                "GranteeIdentifier": "arn:aws:iam::111122223333:user/data-consumer-9"
            },
            "Permission": "READ",
            "AccessGrantsLocationId": "12414a34-ea2e-4ddf-b425-d0d4bfcacao0",
            "GrantScope": "s3://amzn-s3-demo-bucket/prefixB*"
        },

    ]
}

您可以使用 Amazon S3 API操作來檢視存取授予的詳細資訊,並列出 S3 Access Grants 執行個體中的所有存取授予。如需管理存取授與RESTAPI支援的相關資訊,請參閱 Amazon Simple Storage Service API參考 中的下列章節:

本節提供如何使用 取得存取權授予詳細資訊的範例 AWS SDKs。

若要使用下列範例,請以您自己的資訊取代 user input placeholders

Java

範例 – 取得存取授權的詳細資訊
public void getAccessGrant() {
GetAccessGrantRequest getRequest = GetAccessGrantRequest.builder()
.accountId("111122223333")
.accessGrantId("a1b2c3d4-5678-90ab-cdef-EXAMPLE22222")
.build();
GetAccessGrantResponse getResponse = s3Control.getAccessGrant(getRequest);
LOGGER.info("GetAccessGrantResponse: " + getResponse);
}

回應:

GetAccessGrantResponse(
CreatedAt=2023-06-07T05:20:26.330Z,
AccessGrantId=a1b2c3d4-5678-90ab-cdef-EXAMPLE22222,
AccessGrantArn=arn:aws:s3:us-east-2:111122223333:access-grants/default/grant-fd3a5086-42f7-4b34-9fad-472e2942c70e,
Grantee=Grantee(
GranteeType=IAM,
GranteeIdentifier=arn:aws:iam::111122223333:user/data-consumer-3
),
Permission=READ,
AccessGrantsLocationId=12a6710f-5af8-41f5-b035-0bc795bf1a2b,
AccessGrantsLocationConfiguration=AccessGrantsLocationConfiguration(
S3SubPrefix=prefixB*
),
GrantScope=s3://amzn-s3-demo-bucket/ 
)
範例 – 列出 S3 Access Grants 執行個體中的所有存取授權

您可以選擇性地使用這些參數,將結果限制為 S3 字首或IAM身分:

  • 範圍GrantScope=s3://bucket-name/prefix*

  • 承授者GranteeType=IAMGranteeIdentifier= arn:aws:iam::111122223333:role/accessGrantsConsumerRole

public void listAccessGrants() {
ListAccessGrantsRequest listRequest = ListAccessGrantsRequest.builder()
.accountId("111122223333")
.build();
ListAccessGrantsResponse listResponse = s3Control.listAccessGrants(listRequest);
LOGGER.info("ListAccessGrantsResponse: " + listResponse);
}

回應:

ListAccessGrantsResponse(
AccessGrantsList=[
ListAccessGrantEntry(
CreatedAt=2023-06-14T17:54:46.540z,
AccessGrantId=dd8dd089-b224-4d82-95f6-975b4185bbaa,
AccessGrantArn=arn:aws:s3:us-east-2:111122223333:access-grants/default/grant/dd8dd089-b224-4d82-95f6-975b4185bbaa,
Grantee=Grantee(
GranteeType=IAM, GranteeIdentifier= arn:aws:iam::111122223333:user/data-consumer-3
),
Permission=READ,
AccessGrantsLocationId=23514a34-ea2e-4ddf-b425-d0d4bfcarda1,
GrantScope=s3://amzn-s3-demo-bucket/prefixA 
),
ListAccessGrantEntry(
CreatedAt=2023-06-24T17:54:46.540Z,
AccessGrantId=ee8ee089-b224-4d72-85f6-975b4185a1b2,
AccessGrantArn=arn:aws:s3:us-east-2:111122223333:access-grants/default/grant/ee8ee089-b224-4d72-85f6-975b4185a1b2,
Grantee=Grantee(
GranteeType=IAM, GranteeIdentifier= arn:aws:iam::111122223333:user/data-consumer-9
),
Permission=READ,
AccessGrantsLocationId=12414a34-ea2e-4ddf-b425-d0d4bfcacao0,
GrantScope=s3://amzn-s3-demo-bucket/prefixB* 
)
]
)