ポリシーでは、Action要素を使用してリソースに対する権限を許可または拒否します。ポリシーで指定できる一連の権限が用意されており、それらを「Action」要素または「NotAction」要素(除外の場合)で指定します。それぞれがS3 REST APIの特定の処理に対応しています。
次の表に、バケットに適用される権限とオブジェクトに適用される権限を示します。
| 権限 | S3 REST APIの処理 | StorageGRID Webscaleのカスタム設定 |
|---|---|---|
| s3:CreateBucket | PUT Bucket | |
| s3:DeleteBucket | DELETE Bucket | |
| s3:DeleteBucketMetadataNotification | DELETE Bucket metadata notification configuration | ○ |
| s3:DeleteBucketPolicy | DELETE Bucket policy | |
| s3:GetBucketAcl | GET Bucket ACL | |
| s3:GetBucketCompliance | GET Bucket compliance | ○ |
| s3:GetBucketConsistency | GET Bucket consistency | ○ |
| s3:GetBucketCORS | GET Bucket cors | |
| s3:GetBucketLastAccessTime | GET Bucket last access time | ○ |
| s3:GetBucketLocation | GET Bucket location | |
| s3:GetBucketMetadataNotification | GET Bucket metadata notification configuration | ○ |
| s3:GetBucketNotification | GET Bucket notification | |
| s3:GetBucketPolicy | GET Bucket policy | |
| s3:GetBucketReplication | GET Bucket replication | |
| s3:GetBucketVersioning | GET Bucket versioning | |
| s3:ListAllMyBuckets | GET Service、GET Storage Usage | ○(GET Storage Usage) |
| s3:ListBucket | GET Bucket (List Objects)、HEAD Bucket | |
| s3:ListBucketMultipartUploads | List Multipart Uploads | |
| s3:ListBucketVersions | GET Bucket versions | |
| s3:PutBucketCompliance | PUT Bucket compliance | ○ |
| s3:PutBucketConsistency | PUT Bucket consistency | ○ |
| s3:PutBucketCORS | DELETE Bucket cors PUT Bucket cors |
|
| s3:PutBucketLastAccessTime | PUT Bucket last access time | ○ |
| s3:PutBucketMetadataNotification | PUT Bucket metadata notification configuration | ○ |
| s3:PutBucketNotification | PUT Bucket notification | |
| s3:PutBucketPolicy | PUT Bucket policy | |
| s3:PutBucketReplication | PUT Bucket replication | |
| s3:PutBucketVersioning | PUT Bucket versioning |
| 権限 | S3 REST APIの処理 | StorageGRID Webscaleのカスタム設定 |
|---|---|---|
| s3:AbortMultipartUpload | Abort Multipart Upload | |
| s3:DeleteObject | DELETE Object、DELETE Multiple Objects | |
| s3:DeleteObjectTagging | DELETE Object Tagging | |
| s3:DeleteObjectVersionTagging | DELETE Object Tagging(オブジェクトの特定のバージョン) | |
| s3:DeleteObjectVersion | DELETE Object(オブジェクトの特定のバージョン) | |
| s3:GetObject | GET Object、HEAD Object | |
| s3:GetObjectAcl | GET Object ACL | |
| s3:GetObjectTagging | GET Object Tagging | |
| s3:GetObjectVersionTagging | GET Object Tagging(オブジェクトの特定のバージョン) | |
| s3:GetObjectVersion | GET Object(オブジェクトの特定のバージョン) | |
| s3:ListMultipartUploadParts | List Parts | |
| s3:PutObject | PUT Object、PUT Object - Copy、Initiate Multipart Upload、Complete Multipart Upload、Upload Part、Upload Part - Copy | |
| s3:PutObjectTagging | PUT Object Tagging | |
| s3:PutObjectVersionTagging | PUT Object Tagging(オブジェクトの特定のバージョン) | |
| s3:PutOverwriteObject | PUT Object、PUT Object - Copy、PUT Object tagging、DELETE Object tagging、Complete Multipart Upload | ○ |