How can I set a policy for an s3 bucket that allows authenticated users to list the bucket or get any file from the bucket
I have set a permission on the bucket that allows \"Authenticated Users\" to list, upload, and delete from a bucket I created. This seems to allow me to upload file
-
Just to compliment @c4urself answer. the answer help solve my issue as well, but there is some indication from AWS documentation, which you can add more than one resource, just use [] to make them a list. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html#vpc-endpoints-s3-bucket-policies
{ "Statement": [ { "Sid": "Access-to-specific-bucket-only", "Principal": "*", "Action": [ "s3:ListBucket", "s3:GetObject", "s3:PutObject" ], "Effect": "Allow", "Resource": ["arn:aws:s3:::my_secure_bucket", "arn:aws:s3:::my_secure_bucket/*"] } ] }讨论(0) -
s3:GetObjectapplies to the objects in the bucket so the Resource is correct:"Resource": "arn:aws:s3:::my-bucket/*".s3:ListBucketapplies to the Bucket itself and so the Resource should be"Resource": "arn:aws:s3:::my-bucket"your resulting policy should resemble:
{ "Id": "Policy-some-number", "Statement": [ { "Sid": "Stmt-some-number", "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::my-bucket/*", "Principal": { "AWS": [ "*" ] } }, { "Sid": "Stmt-some-other-number", "Action": [ "s3:ListBucket" ], "Effect": "Allow", "Resource": "arn:aws:s3:::my-bucket", "Principal": { "AWS": [ "*" ] } } ] }讨论(0) -
Update Bucket policy as below
{ "Version": "2012-10-17", "Id": "Policy1546023103427", "Statement": [ { "Sid": "Stmt1546023101836", "Effect": "Allow", "Principal": "*", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::usagereports-atul", "arn:aws:s3:::usagereports-atul/*" ] } ]}
讨论(0)
加载中...
- 热议问题