LaPregunta
LaPregunta

Reputation: 191

What's the right way to write an amazon s3 bucket policy?

I'm trying to upload an image from a .NET webservice to an amazon s3 bucket.

By using this public policy on the bucket i can do that:

{
    "Id": "Policyxxxxxxxx",
    "Version": "yyyy-MM-dd",
    "Statement": [
        {
            "Sid": "xxxxxxxxxx",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::(bucketName)/*",
            "Principal": "*"
        }
    ] }

But when i try to give access only to my user/credentials like this:

{
    "Id": "Policyxxxxxxxx",
    "Version": "yyyy-MM-dd",
    "Statement": [
        {
            "Sid": "xxxxxxxxxx",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::(bucketName)/*",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::(accountID):user/(userName)"
                ]
            }
        }
    ]
}

i get "Accces Denied".

So what im doing wrong with the policy?

Upvotes: 0

Views: 591

Answers (1)

John Rotenstein
John Rotenstein

Reputation: 269490

If you wish to grant access to an Amazon S3 bucket to a particular IAM User, you should put the policy on the IAM User itself rather than using a bucket policy.

For example, see: Create a single IAM user to access only specific S3 bucket

Upvotes: 0

Related Questions