
AWS: Allowing Access to an IAM application user to a specific S3 bucket

I know this question has been posted and answered many times, but none of the solutions has worked for my situation.

Following is the policy attached to one of the IAM users that will be used by the application to access an S3 bucket called xyz-billing:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::xyz-billing"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::xyz-billing/*"]
    }
  ]
}

In fact, I have tried multiple ways of defining the policy, but below is the common issue in all of them:

  • When I try to simulate the policy, everything is denied.
  • When I use an asterisk for the "Resource": "*", the simulator shows allowed.

Where am I going wrong?

In my case, the bucket itself had permissions restricting other users from viewing it, which caused the issue. Take a look at this for editing your bucket permissions. You would need list, view permissions on the S3 bucket in order to allow your Lambda to access the bucket (and of course the appropriate role, policy).
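
Added example (not part of the original question or answer): a simplified local model of policy evaluation that shows how the resource ARN used in a simulation decides which statement of the question's policy matches, and how an explicit Deny in a bucket policy overrides the user's Allow. The bucket policy and the object key are constructed for illustration, the Deny is assumed to apply to the calling user, and Principal and Condition elements are not modelled, so this is not AWS's real evaluation engine.

```python
import fnmatch

# Identity policy from the question.
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": ["arn:aws:s3:::xyz-billing"]},
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
         "Resource": ["arn:aws:s3:::xyz-billing/*"]},
    ],
}

# Constructed bucket policy (not from the page): a restrictive Deny that is
# assumed to apply to the calling user; Principal/Condition are not modelled.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Principal": "*", "Action": ["s3:*"],
         "Resource": ["arn:aws:s3:::xyz-billing",
                      "arn:aws:s3:::xyz-billing/*"]},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # IAM wildcards (* and ?) work like globs; action names are case-insensitive.
    act = any(fnmatch.fnmatchcase(action.lower(), a.lower())
              for a in _as_list(stmt["Action"]))
    res = any(fnmatch.fnmatchcase(resource, r)
              for r in _as_list(stmt["Resource"]))
    return act and res

def evaluate(action, resource, *policies):
    """Return 'explicitDeny', 'allowed' or 'implicitDeny' for one request."""
    effects = [s["Effect"] for p in policies
               for s in _as_list(p["Statement"])
               if _matches(s, action, resource)]
    if "Deny" in effects:          # an explicit Deny always wins
        return "explicitDeny"
    return "allowed" if "Allow" in effects else "implicitDeny"
```

Calling `evaluate("s3:GetObject", "arn:aws:s3:::xyz-billing", IDENTITY_POLICY)` returns `implicitDeny` because object actions only match the `xyz-billing/*` ARN, while adding `BUCKET_POLICY` as a further argument turns any otherwise allowed request into `explicitDeny`.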
