Saturday, November 21, 2015

How To Grant Access To Only One S3 Bucket Using AWS IAM Policy

Click on “My Account/Console” and select “Security Credentials”.

Select “Continue to Security Credentials”.

Select “Policies” on the left menu, then click “Create Policy”.

Select “Create Your Own Policy”.

Fill out the “Policy Name”, “Description” and “Policy Document” fields.
Replace “YOUR-BUCKET” in the example below with your bucket name.
Please note that we set “ListAllMyBuckets” to list all buckets owned by you, so that tools that lists buckets will work.

NOTE: If you explicitly list out the actions for your bucket, please also include
"s3:GetBucketLocation" so that ObjectiveFS can select the right S3 endpoint to talk with.
Example policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                        "s3:GetBucketLocation",
                        "s3:ListAllMyBuckets"
                      ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET",
                "arn:aws:s3:::YOUR_BUCKET/*"
            ]
        }
    ]
}


No comments:

Post a Comment