Abhishek Nair
Reputation: 21
S3 bucket policy to grant/restrict access to a specific federated user
I am looking for a S3 bucket policy which can grant/restrict specific federated users access to the bucket. Federated users in aws uses IAM roles. Is there some way I can limit the access to a user even if the user has assumed the role. Is there a way I can specify federated users in a bucket policy? Also the S3 bucket is in a different account.
Upvotes: 2
Views: 3149
Answers (1)
John Rotenstein
Reputation: 269490
When a user is assuming a role, they are assigned a role-session-name. This can be used to track the identity of the user assuming the role.
From AWS JSON Policy Elements: Principal - AWS Identity and Access Management:
Specific assumed-role user
"Principal": { "AWS": "arn:aws:sts::AWS-account-ID:assumed-role/role-name/role-session-name" }
Upvotes: 1
Related Questions
- Amazon S3 bucket policy to for federated user
- S3 Bucket Policy to Allow access to specific users and restrict all
- IAM Role policy for cross account access to S3 bucket in a specific AWS account
- How to restrict S3 access to users of Active Directory
- Restrict user access to Single S3 Bucket using Amazon IAM?
- AWS IAM Policy: Restrict Bucket/Folder Access By User/Role?
- Allow IAM user to access single s3 bucket
- How do I limit access to S3 Bucket for particular IAM Role?
- AWS S3 Policy for authenticated users
- Restricting access to Amazon S3 on object level for federated IAM users