Restrict List of Buckets for a Specific User

Question

I\'ve been able to generate a user policy that only gives access to a specific bucket, however after trying everything (including this post: Is there an S3 policy for limiti

Answer 1

The free "S3 Browser" (this works on my version 3-7-5) allows users with the proper permissions to "Add External Bucket" for the account, all they need to know is the name of the bucket. This allows them to "see" their bucket and the contents (and what ever abilities they've been given inside that bucket), they won't see any of the other buckets.

To make the bucket "play nice" with the S3 Browser behavior, I suggest the following IAM Policy for the User or Group:

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:GetBucketAcl"
      ],
      "Resource": "arn:aws:s3:::acgbu-acg"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::acgbu-acg/*"
    }
  ]
}

It's a work around, and it's okay if the user only needs to do it once. But if the buckets your user is accessing are changing around a lot then this work around isn't very practical.