Menu
Is there a way to somehow simplify the 2 AWS IAM Policy statements given below into one?
I want to allow ListBucket, GetBucketLocation, GetBucketPolicy, GetBucketACL Actions on the bucket, as well as the mainfolder and the subfolders 1,2,3 which are located within the bucket?
I have two statements - one to allow the operations on the bucket and the other to allow operations on the mainfolder and subfolders. Since the actions,Effect and Resource in both statements are the same, is it somehow possible to write a single statement?
Thanks,
John
"Statement": [
{
"Effect": "Allow",
"Sid": "AllowAccessToViewBucket",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetBucketACL"
],
"Resource": "arn:aws:s3:::bucket"
},
{
"Effect": "Allow",
"Sid": "AllowAccessToListFilesInAllFolders",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetBucketACL"
],
"Resource": "arn:aws:s3:::bucket",
"Condition": {
"StringEquals": {
"s3:prefix": [
"mainfolder",
"mainfolder/subfolder1",
"mainfolder/subfolder2",
"mainfolder/subfolder3"
],
"s3:delimiter": "/"
}
}
}
]
226
You can use a list of resources to combine these in to a single statement, like this
"Statement": [
{
"Effect": "Allow",
"Sid": "AllowAccessToViewBucket",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetBucketACL"
],
"Resource": ["arn:aws:s3:::bucket",
"arn:aws:s3:::bucket/mainfolder",
"arn:aws:s3:::bucket/mainfolder/subfolder1",
"arn:aws:s3:::bucket/mainfolder/subfolder2",
"arn:aws:s3:::bucket/mainfolder/subfolder3"
]
}
]
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
