
Allow IAM user to access specific folder in AWS S3 Bucket to view and upload objects

I have multiple S3 buckets. I need to allow an IAM user access to one S3 bucket folder to upload and view objects. Can someone assist me with how to do this?

If you wish to grant specific IAM User(s) access to particular folders within an Amazon S3 bucket, you can create an IAM Policy and attach it to the user.

From User policy examples - Amazon Simple Storage Service:

To grant each user access only to his or her folder, you can write a policy for each user and attach it individually. For example, you can attach the following policy to user Alice to allow her specific Amazon S3 permissions on the awsexamplebucket1/Alice folder.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::awsexamplebucket1/Alice/*"
        },
        {
            "Sid": "AllowListBucketOfASpecificUserPrefix",
            "Action": "s3:ListBucket",
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::awsexamplebucket1",
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "Alice/*"
                    ]
                }
            }
        }
    ]
}

If you want to do this for multiple users, the easiest way is to create a single policy and attach it to an IAM Group, then put the users in the group. This policy will grant them access to a folder with the same name as their username:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::awsexamplebucket1/${aws:username}/*"
        },
        {
            "Sid": "AllowListBucketOfASpecificUserPrefix",
            "Action": "s3:ListBucket",
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::awsexamplebucket1",
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "${aws:username}/*"
                    ]
                }
            }
        }
    ]
}
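A quick offline check of what the group policy above actually grants, added here as an example and not part of the original answer: it rebuilds the policy document for the bucket name used in the post, substitutes ${aws:username}, and evaluates a few requests with a simplified matcher (Allow statements and StringLike conditions only, IAM-style wildcards; no Deny handling). The IAM Policy Simulator remains the authoritative check; this only shows why the ListBucket statement needs the s3:prefix condition and why listing the whole bucket is refused.

```python
import json
import re

def per_user_policy(bucket: str) -> dict:
    """Group policy from the answer: object access and listing scoped to <username>/."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
             "Resource": f"arn:aws:s3:::{bucket}/${{aws:username}}/*"},
            {"Sid": "AllowListBucketOfASpecificUserPrefix",
             "Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}",
             "Condition": {"StringLike": {"s3:prefix": ["${aws:username}/*"]}}},
        ],
    }

def iam_match(pattern: str, value: str) -> bool:
    """IAM-style wildcard match: '*' is any run of characters (slashes included), '?' one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def is_allowed(policy: dict, username: str, action: str, resource: str, ctx: dict) -> bool:
    """Simplified evaluator (assumption: Allow statements and StringLike only, no Deny).
    A condition whose key is absent from the request context fails, as in IAM."""
    def sub(s): return s.replace("${aws:username}", username)  # IAM policy variable
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if not any(iam_match(a, action) for a in actions):
            continue
        if not any(iam_match(sub(r), resource) for r in resources):
            continue
        conditions = st.get("Condition", {}).get("StringLike", {}).items()
        if all(k in ctx and any(iam_match(sub(p), ctx[k]) for p in pats) for k, pats in conditions):
            return True
    return False

if __name__ == "__main__":
    policy = per_user_policy("awsexamplebucket1")
    arn = "arn:aws:s3:::awsexamplebucket1"
    print(json.dumps(policy, indent=2))  # valid JSON, ready to attach to the IAM group
    print("Alice -> Alice/:", is_allowed(policy, "Alice", "s3:PutObject", f"{arn}/Alice/a.txt", {}))
    print("Alice -> Bob/:  ", is_allowed(policy, "Alice", "s3:PutObject", f"{arn}/Bob/a.txt", {}))
    print("list, no prefix:", is_allowed(policy, "Alice", "s3:ListBucket", arn, {}))
```

Note that the match is case-sensitive, so the folder name must match the IAM username exactly.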
