Setting IAM Policy on AWS S3 Bucket (allow change ACL)
Question
I am just setting up an IAM for an external contractor who will be updating our website which is located in an S3 bucket www.mybucketsite.com
I am having trouble trying to allocate them the right permissions which will allow them to change the ACLs on individual files to make them public or private after uploading.
Current IAM Policy is as thus:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::www.mybucketsite.com"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:GetObjectAcl",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::www.mybucketsite.com/*"
]
}
]
}
So far, they can see, upload and delete files just fine. When changing ACL's though, they can see existing ACL settings, but they are getting a 'Permission Denied' error message back when trying to update them.
What have I missed out on?
1 answers
solution1
0 2019-12-02 08:36:53
You need to configure the block public access permissions associated with your bucket where you can allow all options or select options as per screenshot.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.