Example 1:
Allow the servers with IP addresses ip1 and ip2 to read and write bucket1 and bucket2
{
  "Statement": [
    {
      "Action": "oss:*",
      "Effect": "Allow",
      "Resource": [
        "acs:oss:::bucket1",
        "acs:oss:::bucket1/*",
        "acs:oss:::bucket2",
        "acs:oss:::bucket2/*"
      ],
      "Condition": {
        "IpAddress": {
          "acs:SourceIp": [
            "ip1",
            "ip2"
          ]
        }
      }
    }
  ],
  "Version": "1"
}
Example 2:
Allow the server with IP address ip1 to read and write bucket1 and bucket2
{
  "Statement": [
    {
      "Action": "oss:*",
      "Effect": "Allow",
      "Resource": [
        "acs:oss:::bucket1",
        "acs:oss:::bucket1/*",
        "acs:oss:::bucket2",
        "acs:oss:::bucket2/*"
      ],
      "Condition": {
        "IpAddress": {
          "acs:SourceIp": "ip1"
        }
      }
    }
  ],
  "Version": "1"
}
Example 3: no IP restriction
{
  "Statement": [
    {
      "Action": "oss:*",
      "Effect": "Allow",
      "Resource": [
        "acs:oss:::bucket1",
        "acs:oss:::bucket1/*"
      ]
    }
  ],
  "Version": "1"
}
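Notes:
If a condition has only one value, write it as a single string; if it has several values, use a [] list.
A well-written OSS policy file can effectively prevent bulk data-dump incidents against OSS.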
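
As an added example (not part of the original page), a small Python check that flags Allow statements in an OSS policy that have no usable acs:SourceIp restriction, accepting both the single-string and the list form. The function names, sample policies and addresses are constructed for illustration, and the catch-all test assumes CIDR notation may appear as a value.

```python
import ipaddress
import json

def source_ips(statement):
    """Return acs:SourceIp values as a list, whether given as a string or a list."""
    value = statement.get("Condition", {}).get("IpAddress", {}).get("acs:SourceIp", [])
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy_text):
    """Return findings for Allow statements that lack a usable source-IP restriction."""
    findings = []
    # json.loads raises ValueError on curly quotes or mismatched brackets
    policy = json.loads(policy_text)
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        ips = source_ips(st)
        if not ips:
            findings.append(f"Statement[{i}]: Allow without acs:SourceIp condition")
        for ip in ips:
            try:
                # Assumption: values are single addresses or CIDR ranges
                net = ipaddress.ip_network(ip, strict=False)
            except ValueError:
                findings.append(f"Statement[{i}]: invalid source address {ip!r}")
                continue
            if net.prefixlen == 0:
                findings.append(f"Statement[{i}]: {ip} matches every address")
    return findings

# Constructed sample policies; addresses are documentation ranges, not real servers.
RESTRICTED = json.dumps({"Version": "1", "Statement": [{
    "Action": "oss:*", "Effect": "Allow",
    "Resource": ["acs:oss:::bucket1", "acs:oss:::bucket1/*"],
    "Condition": {"IpAddress": {"acs:SourceIp": ["192.0.2.10", "198.51.100.7"]}}}]})
UNRESTRICTED = json.dumps({"Version": "1", "Statement": [{
    "Action": "oss:*", "Effect": "Allow",
    "Resource": ["acs:oss:::bucket1", "acs:oss:::bucket1/*"]}]})
PLACEHOLDER = json.dumps({"Version": "1", "Statement": [{
    "Action": "oss:*", "Effect": "Allow", "Resource": ["acs:oss:::bucket1"],
    "Condition": {"IpAddress": {"acs:SourceIp": "ip1"}}}]})

if __name__ == "__main__":
    for name, text in [("restricted", RESTRICTED), ("unrestricted", UNRESTRICTED),
                       ("placeholder", PLACEHOLDER)]:
        print(name, audit_policy(text) or "ok")
```

A policy copied from the examples with the ip1 placeholder left in place is reported as an invalid source address, so it is caught before it is attached.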