AWS IAM User Access to S3
Question
I have created an IAM user and given it Full-Control (Action *) to a specific bucket.
The user needs to be able to put images, delete images and create sub-folders (which I think could be part of put) in this bucket.
Now I want to limit the amount of access this IAM user account has and wanted to ask if anyone know what I should limit it to if I need the above actions?
What actions would I require?
- s3:putObject
- s3:DeleteObject
Would I require any other actions? I've been trying to deciper this AWS Page: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingIAMPolicies.html
thankyou
2 answers
solution1
2 ACCPTED 2013-03-12 01:34:32
All you are doing is creating and deleting S3 objects, so those two permissions are all you need. However, some language APIs do additional operations and need more privilege as a result. For example, you might need to add list permission for your API to work. You should try testing it with a small program.
By the way, you don't actually create folders. If you PUT an object with slashes in its name, you are implicitly creating all the intermediate "folders" (which don't really exist, but act like they do).
solution2
0
Currently when creating read/write access for s3 buckets we do the following policy
"Sid": "S3Write",
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:Get*",
"s3:List*",
"s3:PutObject*"
For read access
"Sid": "S3ReadAccess",
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
]
Hope this helps.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.