I need an Amazon S3 user with full access to a single bucket

Question

I have a user foo with the following privileges (it's not a member of any group):

{   "Statement": [     {       "Sid": "Stmt1308813201865",       "Action": "s3:*",       "Effect": "Allow",       "Resource": "arn:aws:s3:::bar"     }   ] } 

That user however seem unable to upload or do much of anything until I grant full access to authenticated users (which might apply to anyone). This still doesn't let the user change permission as boto is throwing an error after an upload when it tries to do do key.set_acl('public-read').

Ideally this user would have full access to the bar bucket and nothing else, what am I doing wrong?

Answer 1

You need to grant s3:ListBucket permission to the bucket itself. Try the policy below.

{   "Statement": [     {       "Effect": "Allow",       "Action": "S3:*",       "Resource": "arn:aws:s3:::bar/*",       "Condition": {}     },     {       "Effect": "Allow",       "Action": [         "s3:ListBucket"       ],       "Resource": "arn:aws:s3:::bar",       "Condition": {}     }   ] } 

Answer 2

The selected answer didn't work for me, but this one did:

{   "Statement": [     {       "Action": "s3:*",       "Effect": "Allow",       "Resource": [         "arn:aws:s3:::my-bucket",         "arn:aws:s3:::my-bucket/*"       ]     }   ],   "Statement": [     {       "Effect": "Allow",       "Action": "s3:ListAllMyBuckets",       "Resource": "arn:aws:s3:::*"     }   ] } 

Credit: http://mikeferrier.com/2011/10/27/granting-access-to-a-single-s3-bucket-using-amazon-iam/