这个是我云效这个账号的策略,要求只允许在指定 ip 白名单内访问 指定 oss bucket。但是这个在云绩里面并没有生效?{
“Version”: “1”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [
“oss:DescribeRegions”,
“oss:DoMetaQuery”,
“oss:GetAccessPoint”,
“oss:GetAccessPointPolicy”,
“oss:GetBucketAccessMonitor”,
“oss:GetBucketAcl”,
“oss:GetBucketCors”,
“oss:GetBucketEncryption”,
“oss:GetBucketInfo”,
“oss:GetBucketLifecycle”,
“oss:GetBucketLocation”,
“oss:GetBucketLogging”,
“oss:GetBucketPolicy”,
“oss:GetBucketReferer”,
“oss:GetBucketReplication”,
“oss:GetBucketReplicationLocation”,
“oss:GetBucketReplicationProgress”,
“oss:GetBucketRequestPayment”,
“oss:GetBucketResourceGroup”,
“oss:GetBucketStat”,
“oss:GetBucketTagging”,
“oss:GetBucketTransferAcceleration”,
“oss:GetBucketVersioning”,
“oss:GetBucketWebsite”,
“oss:GetBucketWorm”,
“oss:GetCnameToken”,
“oss:GetLiveChannel”,
“oss:GetLiveChannelHistory”,
“oss:GetLiveChannelStat”,
“oss:GetMetaQueryStatus”,
“oss:GetObject”,
“oss:GetObjectAcl”,
“oss:GetObjectTagging”,
“oss:GetStyle”,
“oss:GetUserAntiDDosInfo”,
“oss:GetVodPlaylist”,
“oss:ListLiveChannel”,
“oss:ListObjects”,
“oss:AbortBucketWorm”,
“oss:AbortMultipartUpload”,
“oss:CloseMetaQuery”,
“oss:CompleteBucketWorm”,
“oss:CreateAccessPoint”,
“oss:CreateCnameToken”,
“oss:CreateOrder”,
“oss:DeleteAccessPoint”,
“oss:DeleteAccessPointPolicy”,
“oss:DeleteBucket”,
“oss:DeleteBucketCors”,
“oss:DeleteBucketEncryption”,
“oss:DeleteBucketInventory”,
“oss:DeleteBucketLifecycle”,
“oss:DeleteBucketLogging”,
“oss:DeleteBucketPolicy”,
“oss:DeleteBucketReplication”,
“oss:DeleteBucketTagging”,
“oss:DeleteBucketWebsite”,
“oss:DeleteLiveChannel”,
“oss:DeleteObject”,
“oss:DeleteObjectTagging”,
“oss:DeleteStyle”,
“oss:ExtendBucketWorm”,
“oss:InitBucketAntiDDosInfo”,
“oss:InitiateBucketWorm”,
“oss:InitUserAntiDDosInfo”,
“oss:OpenMetaQuery”,
“oss:PostDataLakeStorageAdminOperation”,
“oss:PostDataLakeStorageFileOperation”,
“oss:PostDataLakeStorageSecurityOperation”,
“oss:PutAccessPointPolicy”,
“oss:PutBucket”,
“oss:PutBucketAccessMonitor”,
“oss:PutBucketAcl”,
“oss:PutBucketCors”,
“oss:PutBucketEncryption”,
“oss:PutBucketInventory”,
“oss:PutBucketLifecycle”,
“oss:PutBucketLogging”,
“oss:PutBucketPolicy”,
“oss:PutBucketReferer”,
“oss:PutBucketReplication”,
“oss:PutBucketRequestPayment”,
“oss:PutBucketResourceGroup”,
“oss:PutBucketTagging”,
“oss:PutBucketTransferAcceleration”,
“oss:PutBucketVersioning”,
“oss:PutBucketWebsite”,
“oss:PutCname”,
“oss:PutLiveChannel”,
“oss:PutLiveChannelStatus”,
“oss:PutObject”,
“oss:PutObjectAcl”,
“oss:PutObjectTagging”,
“oss:PutStyle”,
“oss:RestoreObject”,
“oss:UpdateBucketAntiDDosInfo”,
“oss:UpdateUserAntiDDosInfo”
],
“Resource”: [
“acs:oss:oss-::tracker-test”,
“acs:oss:oss-::tracker-pre”,
“acs:oss:oss-::tracker-online”,
“acs:oss:oss-::safeis-public”
],
“Condition”: {
“IpAddress”: {
“acs:SourceIp”: [
“47.57.70.87”,
“47.242.65.197”,
“47.90.29.115”,
“47.57.136.136”,
“47.93.89.246”,
“47.94.150.17”,
“112.126.70.240”,
“123.56.255.38”,
“47.94.150.88”
]
}
}
}
]
}
以下为热心网友提供的参考意见
您可以尝试重新创建云绩项目,然后重新应用策略。如果您使用的是私有云,请确保您已经将云效的权限集添加到云绩中。