Is there an S3 policy for limiting access to only see/access one bucket?

Question

I have a simple bucket that looks like images.mysite.com on my S3 and other buckets containing backups, etc.

I want to allow a specific user to be able

Answer 1

There is a great way to allow users to access a specific bucket without comprising knowledge of other buckets. A group policy that is like the one below will allow users to only see "bucket a". The only catch is that the user will only ever be able to access the bucket if they connect to the given bucket endpoint. For the example below that would be bucket-a.s3.amazonaws.com. The bucket may also have to have "Authenticated Users" allowed for this to occur.

{
    "Statement": [
     {
         "Sid": "",
         "Action": [
           "s3:ListBucket",
           "s3:GetBucketLocation"
          ],
         "Effect": "Allow",
         "Resource": [
           "arn:aws:s3:::bucket-a"
         ]
     },
     {
      "Sid": "",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket-a/*"
      ]
     }
   ]
}

This method was tested with Cyberduck on Mac OS/X and using the s3cmd package

./s3cmd ls s3://bucket-a --access_key=ACCESS_KEY --secret_key=SECRET_KEY --bucket-locat
ion=ap-southeast-2