Grant access to only one bucket in S3
Question
I´m trying to write a policy to grant a specific user access to only one bucket
this is what I have so far:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::MYBUCKET",
"arn:aws:s3:::MYBUCKET/*"
]
}
]
}
I don´t want this user to list all other buckets so I changed "Resource": "arn:aws:s3:::*" to "Resource": "arn:aws:s3:::MYBUCKET" but it didn´t work. I don´t need this user to access the console just programmatically is fine. thank you!!
1 answers
solution1
2 ACCPTED 2017-07-04 22:09:41
It is not possible to limit the results of the ListAllMyBuckets command. Either they see the list of all the buckets , or they see none at all.
If they know which bucket they wish to use, then you could simply remove permission to list buckets . They will still be able to list the contents of MYBUCKET and upload/download objects. They just won't be able to request a list of buckets. (And the S3 Management Console won't function because it expects to be able to list all buckets in the account)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.