Alex A.

Reputation: 2613

Limiting access to AWS S3 with policy is not working as expected

I have a user group which we use for one of our environments in AWS. We are trying to limit that group's access to a specific S3 bucket only.

So, I created a policy as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::staging"
        }
    ]
}

If I use the AWS policy simulator, everything shows as expected (at least it looks like it). But through the app, which uses the API key of a user in this group, I am getting access denied when I upload a file.

What am I doing wrong?

This gives the same result:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectVersion",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::staffila-staging",
                "arn:aws:s3:::staffila-staging/*"
            ]
        }
    ]
}

Upvotes: 0

Views: 46

Answers (1)

Piyush Patil

Reputation: 14543

Use this policy; this will work.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::staging"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion"
      ],
      "Resource": ["arn:aws:s3:::staging/*"]
    }
  ]
}

Upvotes: 1
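
Why the first policy in the question denies an upload while the answer's policy allows it, as an added example that is not code from either post: a simplified Python matcher for Allow statements, relying on the fact that object actions such as s3:PutObject are evaluated against the object ARN (bucket ARN plus `/key`). The function names and the sample object key are made up for this illustration, and Deny, Condition and bucket policies are ignored.

```python
import re

def _glob(pattern, value, ignore_case=False):
    # IAM-style wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def _as_list(value):
    # Action and Resource may each be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """True if some Allow statement matches both the action and the resource ARN.
    Simplified: ignores Deny, Condition, NotAction/NotResource and bucket policies."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(_glob(a, action, True) for a in _as_list(stmt["Action"]))
        resource_ok = any(_glob(r, resource) for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

# First policy from the question: s3:* on the bucket ARN only.
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::staging"}]}

# Policy from the answer: ListBucket on the bucket, object actions on staging/*.
ANSWER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::staging"]},
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion",
                "s3:DeleteObject", "s3:DeleteObjectVersion"],
     "Resource": ["arn:aws:s3:::staging/*"]}]}

BUCKET = "arn:aws:s3:::staging"
OBJECT = "arn:aws:s3:::staging/uploads/report.pdf"  # constructed sample key

def report(policy):
    # Evaluate the two requests an upload-and-list client makes.
    return {"PutObject on object": is_allowed(policy, "s3:PutObject", OBJECT),
            "ListBucket on bucket": is_allowed(policy, "s3:ListBucket", BUCKET)}

if __name__ == "__main__":
    print("question policy:", report(QUESTION_POLICY))
    print("answer policy:  ", report(ANSWER_POLICY))
```

The bucket-only Resource never matches an ARN that carries a key, so `s3:*` there covers bucket-level actions only; the `/*` entry is what brings object actions into scope.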
