Limiting access to AWS S3 with policy is not working as expected
Question
I have a user group which we use for one of our environments in AWS. We are trying to limit access of that group only to specific S3 bucket.
So, I created a policy as follows:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::staging"
}
]
}
If I use AWS policy simulator, all shows as expected (at least looks like it). But, through the app, that uses the API key of a user in this group I am getting access denied when I upload a file.
What am I doing wrong?
This gives the same result
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion"
],
"Resource": [
"arn:aws:s3:::staffila-staging",
"arn:aws:s3:::staffila-staging/*"
]
}
]
}
1 answers
solution1
1 2016-09-16 09:33:32
Use this policy this will work.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::staging"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:DeleteObjectVersion"
],
"Resource": ["arn:aws:s3:::staging/*"]
}
]
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
AWS S3 Bucket Policy - Read only access for specific “folder”
AWS S3 deny all access except for 1 user - bucket policy
Amazon S3 files access policy based on IP Address
How to enable AWS-S3-security policy for files uploaded in S3
S3 bucket policy via a particular application
AWS S3 The security of a signed URL as a hyperlink
insecure content from aws s3
How secure are presigned URLs in AWS S3?
AWS S3 file only for special user
Secure AWS S3 file urls
Related Tags