For a given IAM user, I want to only allow that user access to one specific bucket in our account (call it foo-bucket
).
However, this seems to have the effect of disabling access to any public bucket outside our account, which is not what I want. I'd like the user to still have access to any public bucket in another account, for example broad-references
. I could of course explicitly grant access to a specific public bucket, but there are countless public buckets in the world and I don't want to restrict access to any of them.
Here is the existing policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "economycloud",
"Action": [
"s3:List*",
"s3:Get*",
"s3:DeleteObject*",
"s3:Abort*",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectTagging",
"s3:RestoreObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::foo-bucket/*",
"arn:aws:s3:::foo-bucket"
]
},
{
"Sid": "AllowListing",
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
Can someone suggest an IAM policy that would do the following:
Dan,
This is how you'll be able to achieve this:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.