AWS create user only with S3 permissions

Question

I know how to create a user through AWS Console en IAM, but I wonder where or how should I set the permissions to that user in order that he only could:

upload/delete files to a specific folder in a specific S3 bucket

I have this bucket:

So I wonder if I have to set up the permissions in that interface, or directly in the user in IAM service

I'm creating a Group there with this policy:

but for "Write" and "Read" there are a lot of policies, which ones do I need only for write/read files in a specific bucket?

Edit: Currently I have this policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:ListBucket",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::static.XXXXXX.com/images/carousel/*",
            "Condition": {
                "BoolIfExists": {
                    "aws:MultiFactorAuthPresent": "true"
                }
            }
        }
    ]
}

I wonder if that is enough to:

log in AWS Console
go to S3 buckets and delete/read objects in the folder of the bucket that I want

Robert Kossendey · Accepted Answer

You can attach a role to that user that gets a custom policy (Doc).

There you can choose the service, the actions which you want to allow and also the resource which are whitelisted.

AWS create user only with S3 permissions

Answers (2)

Related Questions