snippetModerate
How to provide a user to access only a particular bucket in AWS S3?
Viewed 0 times
provideuserbucketawshowparticularonlyaccess
Problem
I have a list of buckets in AWS S3. I have created an IAM user. I have an option to provide S3 full or read only access for a user using groups. Is there any options to provide access only to a particular bucket?
Solution
Amazon's IAM roles generally grant a role access to a particular ARN (Amazon Resource Name). Amazon notes on their pages that for S3 a resource
...can be a bucket-name or a bucket-name/object-key.
They also provide a helpful example for doing just this which appears as follows:
...can be a bucket-name or a bucket-name/object-key.
They also provide a helpful example for doing just this which appears as follows:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::test"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": ["arn:aws:s3:::test/*"]
}
]
}Code Snippets
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::test"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": ["arn:aws:s3:::test/*"]
}
]
}Context
StackExchange DevOps Q#1626, answer score: 10
Revisions (0)
No revisions yet.