I have a bit of a problem to which I am not sure I know the answer. I have a bucket named staging and I would like to give access to a third-party dev (who is building the webapp) to allow file uploads into this bucket.
What is the correct way to go about doing this? Surely, not giving away my AWS secrets?
Would be great if someone can point me in the right direction for this.
You can achieve it using Resource Based Policies in the Staging S3 bucket.
Add a Resource Based Policy to the Staging bucket that allows access to the Dev account's IAM User/Role.
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Principal": { "AWS": "<ARN of IAM User/Role from Dev Account>" },
    "Action": [ "s3:GetObject", "s3:PutObject" ],
    "Resource": "arn:aws:s3:::staging-bucket/*"
  }]
}
Next, add an IAM Policy in the Dev account that allows access to the S3 bucket in the Staging account.
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "VisualEditor1",
    "Effect": "Allow",
    "Action": [ "s3:GetObject", "s3:PutObject" ],
    "Resource": "arn:aws:s3:::staging-bucket/*"
  }]
}
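The two policies above only work as a pair: for cross-account access, S3 requires an Allow in both the bucket policy and the Dev account's identity policy. The following added example (not part of the original answer) models that with a deliberately simplified evaluator that ignores Deny statements, conditions and NotAction/NotResource; the role ARN and account ID are constructed placeholders.

```python
import fnmatch

RESOURCE = "arn:aws:s3:::staging-bucket/*"
DEV_ROLE = "arn:aws:iam::111122223333:role/dev-uploader"  # constructed placeholder
ACTIONS = ["s3:GetObject", "s3:PutObject"]

# Resource-based policy on the bucket (Staging account side).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": DEV_ROLE},
    "Action": ACTIONS, "Resource": RESOURCE}]}

# Identity-based policy attached to the user/role (Dev account side).
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ACTIONS, "Resource": RESOURCE}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _match(value, patterns, fold=False):
    # IAM-style wildcard match; action names are case-insensitive.
    if fold:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def allows(policy, action, resource, principal=None):
    """True if an Allow statement matches (simplified: no Deny/Condition/Not*)."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "Principal" in stmt:
            p = stmt["Principal"]
            named = ["*"] if p == "*" else _as_list(p.get("AWS", []))
            if principal not in named and "*" not in named:
                continue
        if (_match(action, _as_list(stmt["Action"]), fold=True)
                and _match(resource, _as_list(stmt["Resource"]))):
            return True
    return False


def cross_account_allowed(principal, action, resource,
                          bucket_policy=BUCKET_POLICY,
                          identity_policy=IDENTITY_POLICY):
    """Cross-account access needs an Allow on BOTH sides."""
    return (allows(bucket_policy, action, resource, principal)
            and allows(identity_policy, action, resource))
```

Calling `cross_account_allowed` with an action outside the list, a different principal, or an empty identity policy returns False, which is the behaviour to expect from the real policies before handing the role to the developer.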
If you are talking about a third-party app uploading content, one option is to expose an API via API Gateway to upload content to the bucket. Remember to remove public access from the bucket permissions.