I would like a bucket policy that allows access to all objects in the bucket, and to do operations on the bucket itself like listing objects. (Action is s3:*.)
I was able to solve this by using two distinct resource names: one for arn:aws:s3:::examplebucket/* and one for arn:aws:s3:::examplebucket.
Is there a better way to do this - is there a way to specify a resource identifier that refers to the bucket itself and all its contained objects, in one shot?
Permissions against the Bucket are separate from permissions against Objects within the Bucket. Therefore, you must grant permissions to both.
Fortunately, you can write a shorter version to combine bucket-level and object-level permissions:
{
  "Id": "BucketPolicy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllAccess",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ],
      "Principal": "*"
    }
  ]
}
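Two points worth checking before shipping a policy like the one in the answer: first, that each S3 action is paired with the resource type it actually applies to (s3:ListBucket is evaluated against the bucket ARN, s3:GetObject against the object ARN bucket/*), and second, that the statement is not an unconditional Allow for Principal "*", which makes the bucket public. The Python below is an added example, not code from the question or the answer. It builds a least-privilege version of the policy split into a bucket-level and an object-level statement for a single IAM role, and runs two small lint checks over arbitrary policy documents. The role ARN, bucket name, the action-to-resource-type tables and the check logic are all assumptions of this example, not an AWS API.

```python
import json

# Constructed placeholders (assumptions, not from the page).
BUCKET = "my-bucket"
PRINCIPAL_ARN = "arn:aws:iam::123456789012:role/app-role"

# Assumed classification of common S3 actions by the resource type they
# are evaluated against. Bucket-level actions need arn:aws:s3:::bucket;
# object-level actions need arn:aws:s3:::bucket/* (or a key prefix).
BUCKET_LEVEL = {"s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketVersions",
                "s3:GetBucketPolicy", "s3:PutBucketPolicy"}
OBJECT_LEVEL = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                "s3:GetObjectAcl", "s3:PutObjectAcl", "s3:GetObjectTagging"}


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def build_policy(bucket, principal_arn):
    """Least-privilege equivalent of the answer's policy: one statement per
    resource type, scoped to a single principal instead of "*"."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "BucketLevel",
                "Effect": "Allow",
                "Principal": {"AWS": principal_arn},
                "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
                "Resource": bucket_arn,
            },
            {
                "Sid": "ObjectLevel",
                "Effect": "Allow",
                "Principal": {"AWS": principal_arn},
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"{bucket_arn}/*",
            },
        ],
    }


def resource_mismatches(policy):
    """Return (Sid, action, reason) for actions paired with the wrong ARN kind.
    "s3:*" is not classified and is therefore never reported here."""
    problems = []
    for stmt in policy["Statement"]:
        resources = _as_list(stmt.get("Resource"))
        # The part after ":::" is "bucket" or "bucket/key-pattern".
        tails = [r.split(":::", 1)[-1] for r in resources]
        has_object_res = any(r == "*" or "/" in t for r, t in zip(resources, tails))
        has_bucket_res = any(r == "*" or "/" not in t for r, t in zip(resources, tails))
        for action in _as_list(stmt.get("Action")):
            if action in OBJECT_LEVEL and not has_object_res:
                problems.append((stmt.get("Sid"), action, "needs arn:aws:s3:::bucket/* resource"))
            if action in BUCKET_LEVEL and not has_bucket_res:
                problems.append((stmt.get("Sid"), action, "needs arn:aws:s3:::bucket resource"))
    return problems


def public_wildcard_statements(policy):
    """Return Sids of unconditional Allow statements granted to everyone."""
    sids = []
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal")
        is_anyone = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))
        if stmt.get("Effect") == "Allow" and is_anyone and "Condition" not in stmt:
            sids.append(stmt.get("Sid"))
    return sids


# The policy from the answer above, reproduced for checking.
PAGE_POLICY = json.loads("""
{"Id": "BucketPolicy", "Version": "2012-10-17",
 "Statement": [{"Sid": "AllAccess", "Action": "s3:*", "Effect": "Allow",
   "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"],
   "Principal": "*"}]}
""")

# Constructed counter-example: the mistake the question describes,
# an object action granted only on the bucket ARN.
BROKEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "WrongArn", "Effect": "Allow",
                   "Principal": {"AWS": PRINCIPAL_ARN},
                   "Action": ["s3:GetObject", "s3:ListBucket"],
                   "Resource": "arn:aws:s3:::my-bucket"}],
}

if __name__ == "__main__":
    print("public statements in page policy:", public_wildcard_statements(PAGE_POLICY))
    print("mismatches in broken policy:", resource_mismatches(BROKEN_POLICY))
    print(json.dumps(build_policy(BUCKET, PRINCIPAL_ARN), indent=2))
```

Run against the answer's policy, the resource check is quiet (s3:* is not classified) but the public-access check flags the AllAccess statement, which is the part of that policy most accounts would not want to deploy as-is. The checks are deliberately simple: a real review would also account for IAM policies, SCPs and Block Public Access settings, which this example does not model.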