Reputation: 2412
I'm trying to write a policy to grant a specific user access to only one bucket. This is what I have so far:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::MYBUCKET",
        "arn:aws:s3:::MYBUCKET/*"
      ]
    }
  ]
}
I don't want this user to list all other buckets, so I changed "Resource": "arn:aws:s3:::*" to "Resource": "arn:aws:s3:::MYBUCKET", but it didn't work. I don't need this user to access the console; programmatic access is fine. Thank you!!
Upvotes: 1
Views: 716
Reputation: 269340
It is not possible to limit the results of the ListAllMyBuckets command. Either they see the list of all the buckets, or they see none at all.
If they know which bucket they wish to use, then you could simply remove permission to list buckets. They will still be able to list the contents of MYBUCKET and upload/download objects. They just won't be able to request a list of buckets. (And the S3 Management Console won't function, because it expects to be able to list all buckets in the account.)
Upvotes: 3
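The change the answer recommends, as an added example that is not part of the original question or answer: the policy with the first statement removed entirely (s3:ListAllMyBuckets cannot be scoped to one bucket, and s3:GetBucketLocation on MYBUCKET is already covered by "s3:*" on the bucket ARN), an offline check that the list permission really is gone, and an optional call to the IAM policy simulator to confirm what the user can and cannot do. The function names (write_policy, check_policy, simulate_action, show), the output file name one-bucket-policy.json, the SIMULATE variable, the object key report.csv and the bucket some-other-bucket are all assumptions made for this example; the bucket is still the placeholder MYBUCKET from the question, and simulate_action needs an AWS CLI profile whose identity is allowed iam:SimulateCustomPolicy (everything else runs offline).

```shell
#!/bin/sh
# Added example, not code from the original post. Writes the one-bucket
# policy the answer describes, checks it offline, and optionally asks the
# IAM policy simulator how it decides a few representative requests.
# Assumptions: bucket name MYBUCKET (placeholder from the question); the
# simulator call needs AWS CLI credentials allowed iam:SimulateCustomPolicy.
set -eu

# Write the tightened policy to the file named in $1. The original first
# statement is dropped: ListAllMyBuckets cannot be limited to one bucket,
# and GetBucketLocation on MYBUCKET is covered by "s3:*" on the bucket ARN.
write_policy() {
  cat > "$1" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "OneBucketOnly",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::MYBUCKET",
        "arn:aws:s3:::MYBUCKET/*"
      ]
    }
  ]
}
EOF
}

# Offline check: the file parses as JSON (when python3 is available), grants
# nothing on the account-wide bucket list, and still names the bucket's
# objects. Returns non-zero if any of that fails.
check_policy() {
  if command -v python3 >/dev/null 2>&1; then
    python3 -m json.tool "$1" >/dev/null || return 1
  fi
  if grep -q 'ListAllMyBuckets' "$1"; then
    return 1
  fi
  grep -q 'arn:aws:s3:::MYBUCKET/\*' "$1"
}

# Ask the IAM policy simulator how the policy in $1 decides action $2 on
# resource $3. Use "*" as the resource for account-level actions such as
# s3:ListAllMyBuckets. Prints allowed, implicitDeny or explicitDeny.
simulate_action() {
  aws iam simulate-custom-policy \
    --policy-input-list "$(cat "$1")" \
    --action-names "$2" \
    --resource-arns "$3" \
    --query 'EvaluationResults[0].EvalDecision' \
    --output text
}

policy_file="${1:-one-bucket-policy.json}"
write_policy "$policy_file"
check_policy "$policy_file"
echo "wrote $policy_file"

# One row per simulated request: action, resource, decision.
show() {
  printf '%-22s %-42s %s\n' "$1" "$2" "$(simulate_action "$policy_file" "$1" "$2")"
}

# The simulator needs credentials, so it only runs when SIMULATE=1 is set.
if [ "${SIMULATE:-0}" = 1 ]; then
  show s3:ListAllMyBuckets '*'
  show s3:ListBucket arn:aws:s3:::MYBUCKET
  show s3:GetObject arn:aws:s3:::MYBUCKET/report.csv
  show s3:PutObject arn:aws:s3:::MYBUCKET/report.csv
  show s3:ListBucket arn:aws:s3:::some-other-bucket
fi
```

Run it as `sh one-bucket-policy.sh` to write and check the file, or `SIMULATE=1 sh one-bucket-policy.sh` to also query the simulator. With this policy the simulator should report allowed for the three MYBUCKET rows and implicitDeny for ListAllMyBuckets and for the other bucket, which is exactly the behaviour the answer describes: the user can list and read/write MYBUCKET but cannot enumerate the account's buckets.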