Reputation: 2053
AWS S3 bucket policy
What I want to do is list all the contents of a bucket, except from the contents of a specific folder (archive). The problem is when I "ls" the bucket, I also get the files from the "archive" folder. This is my current setup:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListBucket"
],
"Sid": "Stmt1382452205000",
"Resource": [
"arn:aws:s3:::mybucket"
],
"Condition":{
"StringNotLike":{"s3:prefix":["archive/"]}
},
"Effect": "Allow"
},
{
"Sid": "ExplictDenyAccessToArchive",
"Action": ["s3:*"],
"Effect": "Deny",
"Resource":["arn:aws:s3:::mybucket/archive/*"]
},
{
"Sid": "DenyListBucketOnArchive",
"Action": ["s3:ListBucket"],
"Effect": "Deny",
"Resource": ["arn:aws:s3:::*"],
"Condition":{
"StringLike":{"s3:prefix":["archive/"]}
}
}
]
}
Upvotes: 0
Views: 967
Answers (1)
Reputation: 384
The ListBucket action in IAM policies applies at the bucket level. You cannot grant it on a subset of the bucket.
It sounds like your goal is to exclude files from a file listing rather than restrict access to the user. Unfortunately the S3 api does not let you specify prefixes to exclude. You could however use the API's delimiter option to get a top level listing of all the top level paths, and then make follow up calls using the prefix and marker parameters to only list the paths you are interested.
More details at: http://docs.aws.amazon.com/AmazonS3/latest/API/SOAPListBucket.html
Upvotes: 2
Related Questions
- aws s3 bucket policy
- I have a Query about AWS S3 bucket policy
- IAM Policy: Users cannot access S3 bucket
- AWS S3 Bucket Policy throws Access Denied Error
- AWS S3 bucket access control
- IAM Policy and S3 Policy
- Iam policy for s3 buckets
- S3 Principal Bucket Policy Permissions
- aws s3 Bucket policy not working as expected
- Amazon S3 Bucket and Folder Policy for IAM access?