I want to deny deletes on one of my buckets. I tried to run "s3cmd
setpolicy". I tried two configs (json files). I do not get any error code
and when I try to do getpolicy I see the same json. However, when I delete
objects present in the bucket I am able to delete the object. Please let me
know where I am going wrong.

Here are the two policy json files:
1. POLICY FILE 1
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:DeleteObject",
    "Resource": [
      "arn:aws:s3:::my-new-bucket3/*"
    ]
  }]
}

2. POLICY FILE 2
{
"Version": "2012-10-17",

"Statement": [

    {
        "Effect": "Allow",
        "Action": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:GetObjectAcl",
            "s3:PutObjectAcl",
            "s3:ListBucket",
            "s3:GetBucketAcl",
            "s3:PutBucketAcl",
            "s3:GetBucketLocation"
        ],
        "Resource": "*"
    },
    {
        "Effect": "Allow",
        "Action": "s3:ListAllMyBuckets",
        "Resource": "*"
    },
    {
        "Effect": "Deny",
        "Action": [
            "s3:DeleteBucket",
            "s3:DeleteBucketPolicy",
            "s3:DeleteBucketWebsite",
            "s3:DeleteObject",
            "s3:DeleteObjectVersion"
        ],
        "Resource": "arn:aws:s3:::my-new-bucket3/*"
    }
]
}

Command used: s3cmd setpolicy examplepol s3://my-new-bucket3

where the examplepol file contains either (1) or (2) of the above policy statements.

-- 
Regards,
Priya
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
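
Added example, not part of the original message: a small Python model of AWS-style policy evaluation (an explicit Deny overrides any Allow) run against the two policy files above, for checking the policy text separately from what the gateway enforces. Principals and conditions are not modelled, the function names and the object key are hypothetical, and the model makes no claim about how any radosgw version evaluates policies.

```python
import fnmatch

# The two policy files from the message above, as Python dicts.
POLICY_1 = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:DeleteObject",
    "Resource": ["arn:aws:s3:::my-new-bucket3/*"]}]}
POLICY_2 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "s3:GetObject", "s3:PutObject", "s3:GetObjectAcl", "s3:PutObjectAcl",
        "s3:ListBucket", "s3:GetBucketAcl", "s3:PutBucketAcl",
        "s3:GetBucketLocation"]},
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    {"Effect": "Deny", "Resource": "arn:aws:s3:::my-new-bucket3/*", "Action": [
        "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite",
        "s3:DeleteObject", "s3:DeleteObjectVersion"]}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # Policy wildcards (* and ?) are treated as globs; an assumption of this model.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def evaluate(policy, action, resource):
    """Return 'Deny', 'Allow' or 'NoMatch' for one request."""
    decision = "NoMatch"
    for st in policy["Statement"]:
        actions = [a.lower() for a in _as_list(st["Action"])]  # case-insensitive
        if _matches(actions, action.lower()) and _matches(st["Resource"], resource):
            if st["Effect"] == "Deny":
                return "Deny"  # an explicit Deny overrides any Allow
            decision = "Allow"
    return decision


def missing_principal(policy):
    """Indexes of statements with no Principal; AWS rejects these in bucket policies."""
    return [i for i, st in enumerate(policy["Statement"])
            if "Principal" not in st and "NotPrincipal" not in st]


if __name__ == "__main__":
    bucket = "arn:aws:s3:::my-new-bucket3"
    obj = bucket + "/file.txt"  # constructed object key
    for name, pol in (("policy 1", POLICY_1), ("policy 2", POLICY_2)):
        print(name, "DeleteObject:", evaluate(pol, "s3:DeleteObject", obj),
              "| DeleteBucket:", evaluate(pol, "s3:DeleteBucket", bucket),
              "| statements without Principal:", missing_principal(pol))
```

Under this model both files yield Deny for s3:DeleteObject on an object in the bucket, and policy 2 has two statements without a Principal. Policy 2's Deny does not match s3:DeleteBucket on the bucket itself, because its Resource names only objects (`my-new-bucket3/*`) and not the bucket ARN.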
