示例: AppStream 2.0 弹性舰队会话脚本 Amazon S3 存储桶策略跨服务混淆副手预防 - 亚马逊 AppStream 2.0

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

示例: AppStream 2.0 弹性舰队会话脚本 Amazon S3 存储桶策略跨服务混淆副手预防

aws:SourceAccount 条件:
JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "appstream.amazonaws.com"
                ]
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your-bucket-name/your-session-script-path",
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "your AWS 账户 ID"
                } 
            }
        }
    ]
}
aws:SourceArn 条件:
JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "appstream.amazonaws.com"
                ]
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket/AppStream2/*",
            "Condition": {
                "ArnLike": {
                "aws:SourceArn": "arn:aws:appstream:us-east-1:111122223333:fleet/yourFleetName"
                }
            }
        }
    ]
}