Is there an S3 policy for limiting access to only see/access one bucket?

孤城傲影 2020-11-29 15:08

I have a simple bucket that looks like images.mysite.com on my S3 and other buckets containing backups, etc.

I want to allow a specific user to be able

23 answers
  •  Happy的楠姐
    2020-11-29 15:46

    While it's not possible to restrict the s3:ListAllMyBuckets action to specific buckets, as a workaround you can send them the console URL for a specific bucket, e.g.

    • https://s3.console.aws.amazon.com/s3/buckets/BUCKET_NAME/

    Source: Restricting list of S3 buckets from the S3 Console

    In order to do that, you'll need to specify the following policy document for the given user or group:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket",
                    "s3:GetBucketLocation",
                    "s3:ListBucketMultipartUploads"
                ],
                "Resource": [
                    "arn:aws:s3:::my-bucket-1",
                    "arn:aws:s3:::my-bucket-2"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:AbortMultipartUpload",
                    "s3:DeleteObject",
                    "s3:DeleteObjectVersion",
                    "s3:GetObject",
                    "s3:GetObjectAcl",
                    "s3:GetObjectVersion",
                    "s3:GetObjectVersionAcl",
                    "s3:PutObject",
                    "s3:PutObjectAcl",
                    "s3:PutObjectVersionAcl"
                ],
                "Resource": [
                    "arn:aws:s3:::my-bucket-1/*",
                    "arn:aws:s3:::my-bucket-2/*"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListAllMyBuckets"
                ],
                "Resource": "arn:aws:s3:::*"
            }
        ]
    }

    Where my-bucket-1 and my-bucket-2 are the buckets to which you want to give read and write access.

    Related:

    • Writing IAM Policies: How to Grant Access to an Amazon S3 Bucket
    • Restrict List of Buckets for a Specific User
    • How to provide a user to access only a particular bucket in AWS S3?
    • Specifying Resources in a Policy & Permissions Related to Bucket Operations
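The policy in the answer above is easy to misread: the bucket-level statement, the object-level statement and the unavoidable account-wide s3:ListAllMyBuckets grant each match different resource ARNs, and a typo in one of them silently widens or narrows what the user can reach. The following added example (written for this page, not code from the answer or from AWS) is a small offline evaluator that walks the same policy document and answers "would action X on resource Y be allowed?" under a simplified IAM model: explicit Deny wins, any matching Allow grants, everything else is implicitly denied. Condition, NotAction, NotResource and Principal are deliberately not modelled, and the bucket list passed to the audit helper is constructed from the question (images.mysite.com, backups) plus the answer's placeholders; run it against your own policy JSON before attaching it to a user.

```python
"""Offline sanity check for a bucket-scoped IAM policy.

Simplified IAM model (hypothetical helper, not an AWS API): explicit Deny
wins, any matching Allow grants, otherwise implicit deny.  Condition,
NotAction, NotResource and Principal are intentionally not modelled.
"""
import re

# Constructed copy of the policy shown in the answer (bucket names are the
# answer's placeholders, not real buckets).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:ListBucket", "s3:GetBucketLocation",
                       "s3:ListBucketMultipartUploads"],
            "Resource": ["arn:aws:s3:::my-bucket-1", "arn:aws:s3:::my-bucket-2"],
        },
        {
            "Effect": "Allow",
            "Action": ["s3:AbortMultipartUpload", "s3:DeleteObject",
                       "s3:DeleteObjectVersion", "s3:GetObject",
                       "s3:GetObjectAcl", "s3:GetObjectVersion",
                       "s3:GetObjectVersionAcl", "s3:PutObject",
                       "s3:PutObjectAcl", "s3:PutObjectVersionAcl"],
            "Resource": ["arn:aws:s3:::my-bucket-1/*", "arn:aws:s3:::my-bucket-2/*"],
        },
        {
            "Effect": "Allow",
            "Action": ["s3:ListAllMyBuckets"],
            "Resource": "arn:aws:s3:::*",
        },
    ],
}


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource."""
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern, value, case_sensitive):
    """IAM-style glob: '*' matches any run of characters, '?' exactly one.
    Action names match case-insensitively, resource ARNs case-sensitively."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = 0 if case_sensitive else re.IGNORECASE
    return re.fullmatch(regex, value, flags) is not None


def is_allowed(policy, action, resource):
    """Evaluate one (action, resource) pair against every statement."""
    decision = False  # implicit deny until an Allow matches
    for stmt in policy["Statement"]:
        action_hit = any(_wildcard_match(p, action, False)
                         for p in _as_list(stmt["Action"]))
        resource_hit = any(_wildcard_match(p, resource, True)
                           for p in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False  # an explicit Deny overrides any Allow
        decision = True
    return decision


def buckets_exposed(policy, bucket_names,
                    probe_actions=("s3:ListBucket", "s3:GetObject", "s3:PutObject")):
    """Audit helper: which of the account's buckets does this policy touch?
    ListBucket is probed on the bucket ARN, object actions on a key under it."""
    exposed = set()
    for name in bucket_names:
        for action in probe_actions:
            if action == "s3:ListBucket":
                target = f"arn:aws:s3:::{name}"
            else:
                target = f"arn:aws:s3:::{name}/some/key"
            if is_allowed(policy, action, target):
                exposed.add(name)
    return sorted(exposed)


if __name__ == "__main__":
    # Constructed bucket inventory: the question's buckets plus the answer's placeholders.
    account_buckets = ["images.mysite.com", "backups", "my-bucket-1", "my-bucket-2"]
    print("Buckets the policy grants access to:", buckets_exposed(POLICY, account_buckets))
    print("User can still enumerate bucket names:",
          is_allowed(POLICY, "s3:ListAllMyBuckets", "arn:aws:s3:::*"))
```

The audit helper is the useful part: after editing the Resource lists for your own buckets, `buckets_exposed` should return exactly the buckets you intended and nothing else, while `is_allowed(..., "s3:ListAllMyBuckets", "arn:aws:s3:::*")` stays True because, as the answer notes, that action cannot be scoped to individual buckets and only reveals names, not contents.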
