TravelingLex
Reputation: 477
How to give external AWS IAM user access to specific S3 Bucket folder
I need to give external users access to a single Amazon S3 bucket folder. I have their ARN information but I am having an issue granting access.
{
"Version": "2012-10-17",
"Id": "S3AccessPolicy",
"Statement": [
{
"Sid": "TestAccess",
"Effect": "Allow",
"Principal": {
"AWS": "<external ARN>"
},
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::rootlevelbucket",
"arn:aws:s3:::rootlevelbucket/specificfolder/*"
]
}
]
}
Upvotes: 1
Views: 2993
Answers (1)
WaltDe
Reputation: 1832
There is 2 sides to cross account access. You have the first part with the bucket policy, but the admin for the external account needs to grant the user access to the S3 with a IAM policy like below. You can use the s3:* on the IAM policy because you bucket policy will restrict to just the commands you list.
IAM Policy for external user:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "RootlevelbucketAccess",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::rootlevelbucket",
"arn:aws:s3:::rootlevelbucket/specificfolder/*"
]
}
]
}
Upvotes: 3
Related Questions
- AWS IAM Policy to allow user access to specific S3 bucket for backup
- S3 access to only one IAM user
- IAM Role policy for cross account access to S3 bucket in a specific AWS account
- AWS access to S3 bucket's folder for user groups
- Allow multiple users access to private S3 folder using IAM roles
- Restrict user access to Single S3 Bucket using Amazon IAM?
- Enabling AWS IAM Users access to shared bucket/objects
- Allow IAM user to access single s3 bucket
- Amazon S3 IAM User can' access S3 bucket
- AWS S3 grant access to single IAM user