Restrict user access to Single S3 Bucket using Amazon IAM?
Question
When you work with the team, you might want to restrict an access to a single S3 bucket to specific users. How can I achieve this?
The following code is not working. The user still has full permission.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::Privatebacket",
"arn:aws:s3:::Privatebacket/*"
]
}
]
}
3 answers
solution1
3 2018-05-28 09:15:41
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::YOUR-BUCKET",
"arn:aws:s3:::YOUR-BUCKET/*"
]
}
]
}
https://www.serverkaka.com/2018/05/grant-access-to-only-one-s3-bucket-to-aws-user.html
solution2
0 2017-06-15 08:49:09
Try the below mentioned link. You can grant user specific folder permissions using IAM policies.
solution3
0 2017-06-15 10:41:17
You can add an inline policy for that IAM user. You can set a 'deny' policy to that specific s3 bucket.
Policy Document:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1497522841000",
"Effect": "Deny",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::mjzone-private"
]
}
]
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.