I want to add the automatic key and value pair of TAG to be added with the object uploaded via AWS console , Example : when a IAM user uploads a file then by default the key has to be CREATEDBY and the value has to be his arn. I want this condition to be achieved because I want to restrict other users to see / download object uploaded by other IAM users in the same folder using iam user policy by checking object tag values, My requirement doesn't allow me to create multiple folder for different users as they are too many.
我想添加TAG的自动键和值对以及通过AWS控制台上传的对象,例如:当IAM用户上传文件时,默认情况下,键必须是CREATEDBY,值必须是他的arn。我想要实现这个条件因为我想通过检查对象标签值来限制其他用户使用iam用户策略查看/下载由同一文件夹中的其他IAM用户上传的对象,我的要求不允许我创建多个文件夹不同的用户,因为他们太多了。
1 个解决方案
#1
0
You can use a Lambda function that will be triggered when a new file is uploaded to your bucket. This function would in turn add the tag to the S3 object. Here's a tutorial to help you wire your S3 bucket to your Lambda function.
您可以使用将新文件上载到存储桶时触发的Lambda函数。此函数将依次将标记添加到S3对象。这是一个帮助您将S3存储桶连接到Lambda函数的教程。
The event you will receive in your Lambda will be structured like this. From within your Lambda, you can retrieve the principalId field, which will give you information about the user who created the S3 object, as well as the S3 object's key. You can then use that information to tag the S3 object.
您将在Lambda中收到的活动将按此结构化。在Lambda中,您可以检索principalId字段,该字段将为您提供有关创建S3对象的用户以及S3对象的密钥的信息。然后,您可以使用该信息标记S3对象。
#1
0
You can use a Lambda function that will be triggered when a new file is uploaded to your bucket. This function would in turn add the tag to the S3 object. Here's a tutorial to help you wire your S3 bucket to your Lambda function.
您可以使用将新文件上载到存储桶时触发的Lambda函数。此函数将依次将标记添加到S3对象。这是一个帮助您将S3存储桶连接到Lambda函数的教程。
The event you will receive in your Lambda will be structured like this. From within your Lambda, you can retrieve the principalId field, which will give you information about the user who created the S3 object, as well as the S3 object's key. You can then use that information to tag the S3 object.
您将在Lambda中收到的活动将按此结构化。在Lambda中,您可以检索principalId字段,该字段将为您提供有关创建S3对象的用户以及S3对象的密钥的信息。然后,您可以使用该信息标记S3对象。