stackoom
  简体   繁体   中英

AWS IAM S3 Policy

 原文  2020-02-08 18:21:18       amazon-web-services/ amazon-s3/ amazon-iam

Question

I currently have AWS Policy that grants a user account access to create new users with limited access to IAM and S3

How can I reduce the permission of this user further so the user is unable to list all the S3 buckets on my account

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:PutUserPolicy",
                "iam:GetUser",
                "iam:CreateUser",
                "iam:CreateAccessKey"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudformation:*"
            ],
            "Resource": "*"
        }
    ]
}

1 answers

solution1
 0  2020-02-09 05:21:12

It is not possible to limit the list of buckets presented to a user. Either they have permission to list all the buckets in an account, or they do not have permission to list any buckets.

The ability to list buckets is separate to the ability to list the contents of a bucket.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS S3 IAM policy multiple buckets AWS IAM S3 download policy IAM Policy and S3 Policy Setting IAM Policy on AWS S3 Bucket (allow change ACL) AWS policy to limit S3 data size per IAM user AWS S3 IAM policy to limit to single sub folder AWS IAM Policy Issues writing to s3 bucket for Grafana alerts AWS IAM group policy on S3 resource affecting other groups? Specifying multiple folders in AWS S3 IAM policy Amazon AWS S3 IAM Policy based on namespace or tag
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM