Granting permissions to an Amazon S3 bucket

Question

I'm fairly new to AWS, and I'm trying to grant a user access to an S3 bucket. I've created an IAM user, and have the access key and secret access key ID associated with the user, but I'm struggling to figure out how to grant that user permissions to an S3 bucket. I'd like to grant them write access (but not read) to the bucket, but am starting with all access to see if I can get permissions working.

I tried creating a policy through the policy creation tool and then attaching the policy to the user, but when I try to access the bucket through the policy simulator I get an error 'Implicitly denied no matching statements'

Here is the policy the policy generator created:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "Stmt1451195578000",
        "Effect": "Allow",
        "Action": [
            "s3:*"
        ],
        "Resource": [
            "arn:aws:s3:::techp.websitebackup/*"
        ]
    }
]

}

I think tried to attach this policy to the bucket in S3, but I get an error: Statement is missing required element - Statement "Stmt1451195578000" is missing "Principal" element

I think I'm probably misunderstanding how permissions on AWS work, can you provide some guidance?

thx v

Answer 1

Associating your policy with the user is the correct way of doing so. Your policy document is also correct.

In the simulator, don't provide * as the ARN of the resource but provide a qualified name. For example, arn:aws:s3:::techp.websitebackup/* or arn:aws:s3:::techp.websitebackup/foo/bar (because the user does not have privileges on every bucket in your account)