Reputation: 11
Allow user access to one directory in a S3 Bucket
I searched through existing questions and couldnt find an answer.
I want to restrict access to one directory S3 bucket to some user. For example, I have the directory my-bucket/test/123. I put a few images to this directory. Other users should not have access to this directory. Then I created Bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789000:user/some-user"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::my-bucket/test/123/*"
}
]
}
But when I tried to open file in browser, I recieved "Access Denied" message.
I tried to use Deny effect and NotPrincipal. In this case, the files are available to other users. Please help!
Upvotes: 1
Views: 2934
Answers (1)
Reputation: 1447
You also need bucket listing permissions on the root prefix (folder) as described in this AWS doc Writing IAM Policies: Grant Access to User-Specific Folders in an Amazon S3 Bucket:
Although David should have access to only his home folder, he requires additional permissions so that he can navigate to his folder in the Amazon S3 console. David needs permission to list objects at the root level of the my-company bucket and in the home/ folder.
Upvotes: 1
Related Questions
- How do I restrict access to a single folder in a S3 bucket?
- Allowing permission using S3FS bucket directory for other users
- AWS S3 Access Policy - Restricting Folder Access
- Deny access to all users except one to access private-folder inside S3 bucket
- How to give access to one specific bucket?
- allow open access to S3 bucket with certain restrictions
- Allow IAM user to access single s3 bucket
- Grant access to only one bucket in S3
- AWS S3 Bucket Policy to block access to all but one directory, even if user has full S3 permissions
- How to restrict folders to user