Reputation: 191
I'm trying to upload an image from a .NET webservice to an amazon s3 bucket.
By using this public policy on the bucket i can do that:
{ "Id": "Policyxxxxxxxx", "Version": "yyyy-MM-dd", "Statement": [ { "Sid": "xxxxxxxxxx", "Action": [ "s3:GetObject", "s3:PutObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::(bucketName)/*", "Principal": "*" } ] }
But when i try to give access only to my user/credentials like this:
{ "Id": "Policyxxxxxxxx", "Version": "yyyy-MM-dd", "Statement": [ { "Sid": "xxxxxxxxxx", "Action": [ "s3:GetObject", "s3:PutObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::(bucketName)/*", "Principal": { "AWS": [ "arn:aws:iam::(accountID):user/(userName)" ] } } ] }
i get "Accces Denied".
So what im doing wrong with the policy?
Upvotes: 0
Views: 591
Reputation: 269490
If you wish to grant access to an Amazon S3 bucket to a particular IAM User, you should put the policy on the IAM User itself rather than using a bucket policy.
For example, see: Create a single IAM user to access only specific S3 bucket
Upvotes: 0