
S3 Bucket Policy

If account 111111111111 owns the S3 bucket “examplebucket” and wants to grant admin users in account 222222222222 list and write access, the following bucket policy can be used. If non-admin users in account 222222222222 need list or write access, that would additionally have to be granted through a user policy in account 222222222222.

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Example permissions",
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::222222222222:root"
			},
			"Action": [
				"s3:GetBucketLocation",
				"s3:ListBucket"
			],
			"Resource": "arn:aws:s3:::examplebucket"
		},
		{
			"Sid": "Example permissions",
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::222222222222:root"
			},
			"Action": "s3:PutObject",
			"Resource": "arn:aws:s3:::examplebucket/*"
		}
	]
}

http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html


IAM policy that grants a user access to a specific bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "BucketAndObjects",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObjectAcl",
                "s3:GetObject",
                "s3:ObjectOwnerOverrideToBucketOwner",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::s3bucketname/*",
                "arn:aws:s3:::s3bucketname"
            ]
        },
        {
            "Sid": "Buckets",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        }
    ]
}