Basic AWS IAM permissions for an S3 bucket

I'm trying to figure out a basic permission set for an IAM user/key to have access to only a single bucket in S3 - only read/write access on an individual bucket.

What set of permissions is the minimum required to make this work? I have all options selected in the IAM policy generator for S3, all permissions enabled on the bucket except CreateBucket and DeleteBucket. I've also created a set of keys specific to this user.

When I try to access the bucket with these credentials, I get a problem listing buckets, even though the ListAllMyBuckets property is enabled.

Anyone have any experience setting up a basic bucket config like this? Seems like it would be pretty common...

asked Feb 02 '23 08:02 by colemanm


1 Answer

The Example Policies for Amazon S3 cover various use cases similar or related to yours - specifically you might probably want to combine Example 1: Allow each user to have a home directory in Amazon S3 with Example 2: Allow a user to list only the objects in his or her home directory in the corporate bucket - you'd just need to adjust the Resource to target your bucket's root directory instead, i.e. replace `/home/bob/*` with `*`.

Please note that Example 2 facilitates ListBucket, which is an operation on a bucket that returns information about some of the items in the bucket, whereas ListAllMyBuckets is an operation on the service that returns a list of all buckets owned by the sender of the request, so likely not applicable to your use case (see my comment regarding clarification of the latter).

answered Feb 05 '23 17:02 by Steffen Opel
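As an added illustration (not code from the answer or from AWS), here is the single-bucket read/write policy the answer points to, written in Python together with a simplified IAM evaluator that shows why `ListAllMyBuckets` needs `Resource: "*"`, `ListBucket` needs the bucket ARN, and object actions need the bucket ARN plus `/*`. The bucket name is a constructed placeholder.

```python
import fnmatch

BUCKET = "example-bucket"  # constructed placeholder; substitute the real bucket name

# Least-privilege read/write policy for one bucket. Each kind of action needs its own
# resource scope: ListAllMyBuckets is service-level (Resource "*"), ListBucket is
# bucket-level (bucket ARN), Get/Put/DeleteObject are object-level (bucket ARN + "/*").
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{BUCKET}"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    ],
}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: implicit deny; a matching Allow grants; a matching Deny wins."""
    allowed = False
    for stmt in policy["Statement"]:
        if (any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
                and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def check_access(policy=POLICY, bucket=BUCKET):
    """Exercise the policy against representative requests; returns name -> allowed."""
    arn, other = f"arn:aws:s3:::{bucket}", "arn:aws:s3:::other-bucket"
    return {
        "list_all_buckets": is_allowed(policy, "s3:ListAllMyBuckets", "*"),
        "list_bucket": is_allowed(policy, "s3:ListBucket", arn),
        "get_object": is_allowed(policy, "s3:GetObject", f"{arn}/reports/q1.csv"),
        "put_object": is_allowed(policy, "s3:PutObject", f"{arn}/reports/q1.csv"),
        "delete_bucket": is_allowed(policy, "s3:DeleteBucket", arn),     # never granted
        "list_other_bucket": is_allowed(policy, "s3:ListBucket", other),  # wrong bucket
        "get_other_object": is_allowed(policy, "s3:GetObject", f"{other}/x"),
    }

def object_grant_without_wildcard_works(bucket=BUCKET):
    """Common mistake: an object action scoped to the bare bucket ARN matches no object."""
    arn = f"arn:aws:s3:::{bucket}"
    p = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": arn}]}
    return is_allowed(p, "s3:GetObject", f"{arn}/file.txt")  # returns False
```

The evaluator ignores conditions, resource policies and permission boundaries; it only models the action/resource matching that the question's symptom depends on.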