Alon

Reputation: 11935

Attach existing policies directly for programmatic access to S3

I am creating a user that needs read and write access to S3 programmatically.

Under "Attach existing policies directly" there are too many policies and I don't know which of them is the one I need.

Upvotes: 0

Views: 26

Answers (1)

John Rotenstein

Reputation: 269826

If you wish to grant one IAM User access to do anything in Amazon S3, you can simply attach the AmazonS3FullAccess policy, which grants:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}

However, this lets them do anything (including deleting buckets). Normally, people would be assigned specific permissions for a given bucket, such as this inline policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObjectAcl",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket/*",
                "arn:aws:s3:::my-bucket"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        }
    ]
}

Note that some actions apply to the bucket itself, while others apply to the contents (/*) of the bucket.

Upvotes: 1
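An added example (not part of the answer above, and not AWS's own evaluation engine): a small offline evaluator that applies the two policies from the answer, plus a constructed variant that forgets the bare bucket ARN, to the calls a read/write program typically makes. It assumes a simplified IAM model (explicit Deny wins, any matching Allow grants, otherwise implicit deny; no Condition, NotAction, NotResource, resource policies or SCPs). The object key `some-key` and the policy dicts are constructed test input, copied from the answer.

```python
import fnmatch

# Constructed copies of the two policies from the answer above, used as test input.
FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject", "s3:GetObjectAcl", "s3:GetObject",
                "s3:ListBucket", "s3:DeleteObject", "s3:GetBucketLocation",
            ],
            "Resource": ["arn:aws:s3:::my-bucket/*", "arn:aws:s3:::my-bucket"],
        },
        {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    ],
}

# Constructed variant that omits the bare bucket ARN, a common mistake:
# ListBucket is a bucket-level action, so "my-bucket/*" never matches it.
MISSING_BUCKET_ARN = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": "arn:aws:s3:::my-bucket/*",
        }
    ],
}


def _as_list(value):
    """IAM accepts a single string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, case_insensitive=False):
    """IAM wildcard match: '*' matches any run of characters, '?' one character.
    Action names are case-insensitive; resource ARNs are compared as written."""
    if case_insensitive:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Simplified identity-policy evaluation (assumption: no Condition, NotAction,
    NotResource, resource policies or SCPs): an explicit Deny wins, otherwise any
    matching Allow grants, otherwise the request is implicitly denied."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = _matches(_as_list(stmt["Action"]), action, case_insensitive=True)
        resource_hit = _matches(_as_list(stmt["Resource"]), resource)
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def access_report(policy, bucket):
    """Return {action: bool} for the calls a read/write program typically makes
    against one bucket, so the blast radius of a policy can be eyeballed."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/some-key"  # constructed key; any object key works
    checks = {
        "s3:ListBucket": bucket_arn,          # bucket-level action
        "s3:GetBucketLocation": bucket_arn,   # bucket-level action
        "s3:GetObject": object_arn,           # object-level action
        "s3:PutObject": object_arn,           # object-level action
        "s3:DeleteObject": object_arn,        # object-level action
        "s3:DeleteBucket": bucket_arn,        # destructive; should stay False
    }
    return {action: is_allowed(policy, action, arn) for action, arn in checks.items()}


if __name__ == "__main__":
    for name, policy in [("AmazonS3FullAccess", FULL_ACCESS),
                         ("scoped inline policy", SCOPED),
                         ("missing bucket ARN", MISSING_BUCKET_ARN)]:
        print(f"{name}: my-bucket    -> {access_report(policy, 'my-bucket')}")
        print(f"{name}: other-bucket -> {access_report(policy, 'other-bucket')}")
```

Running it shows the point of the answer in one table: the managed policy allows `s3:DeleteBucket` on every bucket, the scoped policy allows nothing at all on `other-bucket` and no `DeleteBucket` anywhere, and the variant without the bare bucket ARN can fetch objects but cannot list the bucket. The real IAM evaluation logic has more inputs than this toy (conditions, permission boundaries, SCPs, resource policies), so treat it as a reading aid, not a replacement for the IAM policy simulator.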
