MinIO ACL（基于策略的访问控制示例）
只允许访问单个 Bucket（demo）。注意：s3:* 包含删除对象在内的全部 S3 操作；若只需要读写，应按最小权限原则改为列出具体的 Action。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::demo/*"]
}
]
}
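基于 Bucket 前缀限制访问
实现类似多租户能力
注意：demo-* 会匹配所有名称以 demo- 开头的 Bucket，因此各租户的前缀不能互为前缀。假设的例子：demo-* 同样会匹配属于租户 demo-test 的 demo-test-* Bucket，造成跨租户访问。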
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::demo-*"]
}
]
}
writeonly（仅允许上传；PutObject 可以覆盖同名的已有对象，需要防止覆盖时应配合版本控制或对象锁定）
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:PutObject"],
"Resource": ["arn:aws:s3:::*"]
}
]
}
readonly（不含 s3:ListBucket，只能按已知的对象名下载，不能列出 Bucket 中的对象）
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:GetBucketLocation", "s3:GetObject"],
"Resource": ["arn:aws:s3:::*"]
}
]
}
readwrite（s3:* 作用于所有 Bucket，除读写外还包含删除对象、删除 Bucket、修改 Bucket 策略等操作）
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::*"]
}
]
}
ConsoleAdmin（admin:* 加 s3:*，即完整的管理员权限，应只授予少数运维账号）
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["admin:*"]
},
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["arn:aws:s3:::*"]
}
]
}
diagnostics
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"admin:OBDInfo",
"admin:Profiling",
"admin:ServerInfo",
"admin:ServerTrace",
"admin:TopLocksInfo",
"admin:ConsoleLog"
],
"Resource": ["arn:aws:s3:::*"]
}
]
}