提要
很多时候我们有这样的需求:为了安全期间只限制或允许某个或者多个IP上传文件。
配置如下
{
"Statement": [
{
"Action": "oss:*",
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:file-exchange-system/upload/56d4093264104b078e5ae141bd484104p/*",
"acs:oss:*:*:file-exchange-system/upload/d6b025b7f0034e61971984010652e4c2p/*"
],
"Condition": {
"IpAddress": {
"acs:SourceIp": ["222.73.109.218", "112.65.248.146 ","222.73.109.226","222.73.109.10 ","203.110.168.2","203.110.168.3","203.110.168.4","140.207.213.146","140.207.213.147","140.207.213.148"]
}
}
},
{
"Effect": "Allow",
"Action": [
"oss:ListObjects"
],
"Resource": [
"acs:oss:*:*:file-exchange-system"
],
"Condition": {
"StringLike": {
"oss:Prefix": [
"upload/56d4093264104b078e5ae141bd484104p/*",
"upload/d6b025b7f0034e61971984010652e4c2p/*"
]
},
"IpAddress": {
"acs:SourceIp": ["222.73.109.218", "112.65.248.146 ","222.73.109.226","222.73.109.10 ","203.110.168.2","203.110.168.3","203.110.168.4","140.207.213.146","140.207.213.147","140.207.213.148"]
}
}
}
],
"Version": "1"
}
还有这样的需求
只允许一个网段
"acs:SourceIp": ["42.120.88.10", "42.120.66.0/24"]
继续阅读
- 我的QQ
- QQ扫一扫
-
- 我的头条
- 头条扫一扫
-
评论