wrschneider

Reputation: 18770

S3 bucket policy: allow full access to a bucket and all its objects

I would like a bucket policy that allows access to all objects in the bucket, and to do operations on the bucket itself like listing objects. (Action is s3:*.)

I was able to solve this by using two distinct resource names: one for arn:aws:s3:::examplebucket/* and one for arn:aws:s3:::examplebucket.

Is there a better way to do this - is there a way to specify a resource identifier that refers to the bucket itself and all its contained objects, in one shot?

Upvotes: 18

Views: 60026

Answers (2)

Rajat Upadhyay

Reputation: 168

AWS has updated how it lets you enter Bucket Policy on the permissions page. I used the provided UI layer to add Action and resources. Use the below-mentioned policy and change the resource according to your bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "your_arn/*"
        }
    ]
}

Upvotes: 4

John Rotenstein

Reputation: 269101

Permissions against the Bucket are separate to permissions against Objects within the Bucket. Therefore, you must grant permissions to both.

Fortunately, you can write a shorter version to combine bucket-level and object-level permissions:

{
  "Id": "BucketPolicy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllAccess",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
         "arn:aws:s3:::my-bucket",
         "arn:aws:s3:::my-bucket/*"
      ],
      "Principal": "*"
    }
  ]
}

Upvotes: 48
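
The bucket-versus-object split described in the answer above can be checked mechanically before a policy is applied. The following is an added example, not code from either answer or from AWS: `audit_bucket_policy`, `ACTION_TARGET` and the sample key are hypothetical names, the matcher is a simplification that looks only at Allow statements (no Deny, Condition, NotAction or NotResource), and it also reports statements that give every principal every S3 action.

```python
import json
import re

# Resource type each action is evaluated against (small, well-known subset).
ACTION_TARGET = {
    "s3:ListBucket": "bucket",
    "s3:GetBucketLocation": "bucket",
    "s3:GetObject": "object",
    "s3:PutObject": "object",
    "s3:DeleteObject": "object",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wild(pattern, text, flags=0):
    # Policy patterns use only * and ? as wildcards (simplified matcher).
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text, flags) is not None

def _is_public(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit_bucket_policy(policy_json, bucket):
    """Return (granted actions, Sids granting public full access) for Allow statements."""
    arns = {"bucket": f"arn:aws:s3:::{bucket}",
            "object": f"arn:aws:s3:::{bucket}/constructed-sample-key"}
    granted, public_full = set(), []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action, target in ACTION_TARGET.items():
            if (any(_wild(a, action, re.IGNORECASE) for a in actions)
                    and any(_wild(r, arns[target]) for r in resources)):
                granted.add(action)
        if _is_public(stmt.get("Principal")) and any(a in ("*", "s3:*") for a in actions):
            public_full.append(stmt.get("Sid"))
    return sorted(granted), public_full

def _policy(resource):
    # Constructed policies shaped like the two answers above, bucket name my-bucket.
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "AllAccess", "Effect": "Allow", "Principal": "*",
        "Action": "s3:*", "Resource": resource}]})

OBJECTS_ONLY = _policy("arn:aws:s3:::my-bucket/*")
BUCKET_AND_OBJECTS = _policy(["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"])
```

With only the `/*` resource, `s3:ListBucket` is absent from the granted set even though the action is `s3:*`; listing both ARNs grants it.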
