檢視授權 - Amazon Simple Storage Service

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

檢視授權

您可以使用 Amazon S3 主控台、 AWS Command Line Interface (AWS CLI)、Amazon S3 REST API 和 AWS SDKs,在 Amazon S3 Amazon S3 Access Grants 執行個體中檢視存取授權的詳細資訊。

檢視存取授權的詳細資訊

  1. 登入 AWS Management Console 並開啟位於 https://https://console.aws.amazon.com/s3/ 的 Amazon S3 主控台。

  2. 在左側導覽窗格中,選擇 Access Grants

  3. S3 Access Grants 頁面上,選擇包含您要使用之 S3 Access Grants 執行個體的區域。

  4. 選擇執行個體的檢視詳細資訊

  5. 在詳細資訊頁面上,選擇授權索引標籤。

  6. 授權區段中,尋找您要檢視的存取授權。若要篩選授權清單,請使用搜尋方塊。

若要安裝 AWS CLI,請參閱AWS Command Line Interface 《 使用者指南》中的安裝 AWS CLI

若要使用下列範例命令,請將 user input placeholders 取代為您自己的資訊。

範例 – 取得存取授權的詳細資訊
aws s3control get-access-grant \
--account-id 111122223333 \
--access-grant-id a1b2c3d4-5678-90ab-cdef-EXAMPLE22222

回應:

{
    "CreatedAt": "2023-05-31T18:41:34.663000+00:00",
    "AccessGrantId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "AccessGrantArn": "arn:aws:s3:us-east-2:111122223333:access-grants/default/grant-a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "Grantee": {
        "GranteeType": "IAM",
        "GranteeIdentifier": "arn:aws:iam::111122223333:user/data-consumer-3"
    },
    "Permission": "READ",
    "AccessGrantsLocationId": "12a6710f-5af8-41f5-b035-0bc795bf1a2b",
    "AccessGrantsLocationConfiguration": {
        "S3SubPrefix": "prefixB*"
    },
    "GrantScope": "s3://amzn-s3-demo-bucket/"
}
範例 – 列出 S3 Access Grants 執行個體中的所有存取授權

您可以選擇使用以下參數,將結果限制為 S3 字首或 AWS Identity and Access Management (IAM) 身分:

  • 子字首--grant-scope s3://bucket-name/prefix*

  • IAM 身分--grantee-type IAM--grantee-identifier arn:aws:iam::123456789000:role/accessGrantsConsumerRole

aws s3control list-access-grants \
--account-id 111122223333

回應:

{
    "AccessGrantsList": [{"CreatedAt": "2023-06-14T17:54:46.542000+00:00",
            "AccessGrantId": "dd8dd089-b224-4d82-95f6-975b4185bbaa",
            "AccessGrantArn": "arn:aws:s3:us-east-2:111122223333:access-grants/default/grant/dd8dd089-b224-4d82-95f6-975b4185bbaa",
            "Grantee": {
                "GranteeType": "IAM",
                "GranteeIdentifier": "arn:aws:iam::111122223333:user/data-consumer-3"
            },
            "Permission": "READ",
            "AccessGrantsLocationId": "23514a34-ea2e-4ddf-b425-d0d4bfcarda1",
            "GrantScope": "s3://amzn-s3-demo-bucket/prefixA*"
        },
        {"CreatedAt": "2023-06-24T17:54:46.542000+00:00",
            "AccessGrantId": "ee8ee089-b224-4d72-85f6-975b4185a1b2",
            "AccessGrantArn": "arn:aws:s3:us-east-2:111122223333:access-grants/default/grant/ee8ee089-b224-4d72-85f6-975b4185a1b2",
            "Grantee": {
                "GranteeType": "IAM",
                "GranteeIdentifier": "arn:aws:iam::111122223333:user/data-consumer-9"
            },
            "Permission": "READ",
            "AccessGrantsLocationId": "12414a34-ea2e-4ddf-b425-d0d4bfcacao0",
            "GrantScope": "s3://amzn-s3-demo-bucket/prefixB*"
        },

    ]
}

您可以使用 Amazon S3 API 操作來檢視存取授權的詳細資訊,並列出 S3 Access Grants 執行個體中的所有存取授權。如需有關管理存取授權的 REST API 支援資訊,請參閱《Amazon Simple Storage Service API 參考》中的下列各節:

本節提供如何使用 AWS SDKs 取得存取授權詳細資訊的範例。

若要使用下列範例,請以您自己的資訊取代 user input placeholders

Java

範例 – 取得存取授權的詳細資訊
public void getAccessGrant() {
GetAccessGrantRequest getRequest = GetAccessGrantRequest.builder()
.accountId("111122223333")
.accessGrantId("a1b2c3d4-5678-90ab-cdef-EXAMPLE22222")
.build();
GetAccessGrantResponse getResponse = s3Control.getAccessGrant(getRequest);
LOGGER.info("GetAccessGrantResponse: " + getResponse);
}

回應:

GetAccessGrantResponse(
CreatedAt=2023-06-07T05:20:26.330Z,
AccessGrantId=a1b2c3d4-5678-90ab-cdef-EXAMPLE22222,
AccessGrantArn=arn:aws:s3:us-east-2:111122223333:access-grants/default/grant-fd3a5086-42f7-4b34-9fad-472e2942c70e,
Grantee=Grantee(
GranteeType=IAM,
GranteeIdentifier=arn:aws:iam::111122223333:user/data-consumer-3
),
Permission=READ,
AccessGrantsLocationId=12a6710f-5af8-41f5-b035-0bc795bf1a2b,
AccessGrantsLocationConfiguration=AccessGrantsLocationConfiguration(
S3SubPrefix=prefixB*
),
GrantScope=s3://amzn-s3-demo-bucket/ 
)
範例 – 列出 S3 Access Grants 執行個體中的所有存取授權

您可以選擇使用這些參數將結果限於 S3 字首或 IAM 身分:

  • 範圍GrantScope=s3://bucket-name/prefix*

  • 承授者GranteeType=IAMGranteeIdentifier= arn:aws:iam::111122223333:role/accessGrantsConsumerRole

public void listAccessGrants() {
ListAccessGrantsRequest listRequest = ListAccessGrantsRequest.builder()
.accountId("111122223333")
.build();
ListAccessGrantsResponse listResponse = s3Control.listAccessGrants(listRequest);
LOGGER.info("ListAccessGrantsResponse: " + listResponse);
}

回應:

ListAccessGrantsResponse(
AccessGrantsList=[
ListAccessGrantEntry(
CreatedAt=2023-06-14T17:54:46.540z,
AccessGrantId=dd8dd089-b224-4d82-95f6-975b4185bbaa,
AccessGrantArn=arn:aws:s3:us-east-2:111122223333:access-grants/default/grant/dd8dd089-b224-4d82-95f6-975b4185bbaa,
Grantee=Grantee(
GranteeType=IAM, GranteeIdentifier= arn:aws:iam::111122223333:user/data-consumer-3
),
Permission=READ,
AccessGrantsLocationId=23514a34-ea2e-4ddf-b425-d0d4bfcarda1,
GrantScope=s3://amzn-s3-demo-bucket/prefixA 
),
ListAccessGrantEntry(
CreatedAt=2023-06-24T17:54:46.540Z,
AccessGrantId=ee8ee089-b224-4d72-85f6-975b4185a1b2,
AccessGrantArn=arn:aws:s3:us-east-2:111122223333:access-grants/default/grant/ee8ee089-b224-4d72-85f6-975b4185a1b2,
Grantee=Grantee(
GranteeType=IAM, GranteeIdentifier= arn:aws:iam::111122223333:user/data-consumer-9
),
Permission=READ,
AccessGrantsLocationId=12414a34-ea2e-4ddf-b425-d0d4bfcacao0,
GrantScope=s3://amzn-s3-demo-bucket/prefixB* 
)
]
)