Is it possible to allow only write operations to a bucket for a user, without read permissions? The goal is to let all my EC2 instances each write to a different bucket and not let them read any other bucket. All my instances are running with the same IAM Role.
It is certainly possible. For example, I usually use this write-only policy for EC2 instance backup to S3 when using the sync command with the --delete switch:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name/*"
            ]
        }
    ]
}
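A quick offline check that a candidate policy really is write-only, added here as an example and not part of the answer above. It embeds the answer's policy plus a constructed, deliberately over-broad variant, expands IAM action wildcards (IAM action names are matched case-insensitively), and reports any object-read action the policy would grant. READ_ACTIONS is a constructed, non-exhaustive list of standard S3 read actions; the helper names are my own.

```python
import fnmatch
import json

# The write-only policy from the answer above, embedded so the check runs offline.
WRITE_ONLY_POLICY = json.loads("""
{
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": ["arn:aws:s3:::bucket-name"]},
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload",
                    "s3:ListMultipartUploadParts", "s3:ListBucketMultipartUploads"],
         "Resource": ["arn:aws:s3:::bucket-name/*"]}
    ]
}
""")

# Constructed counter-example: a wildcard that silently grants object reads.
OVERLY_BROAD_POLICY = json.loads("""
{
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::bucket-name/*"]}
    ]
}
""")

# S3 actions that return object contents or metadata. Constructed, non-exhaustive list;
# a "write-only" policy must not grant any of these.
READ_ACTIONS = {
    "s3:GetObject", "s3:GetObjectVersion",
    "s3:GetObjectAcl", "s3:GetObjectTagging",
}


def _as_list(value):
    """IAM allows Action/NotAction to be a string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _matches(action, pattern):
    """IAM action patterns use '*' and '?' wildcards and are case-insensitive."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def granted_read_actions(policy):
    """Return the set of READ_ACTIONS that some Allow statement would grant.

    Explicit Deny statements are ignored on purpose: the check is conservative,
    so a policy that relies on a Deny to take reads back is still reported.
    """
    reads = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action")):
            reads.update(a for a in READ_ACTIONS if _matches(a, pattern))
        # "NotAction" grants everything EXCEPT the listed patterns, so any read
        # action that is not excluded counts as granted.
        not_actions = _as_list(stmt.get("NotAction"))
        if not_actions:
            reads.update(
                a for a in READ_ACTIONS
                if not any(_matches(a, p) for p in not_actions)
            )
    return reads


def is_write_only(policy):
    """True when no Allow statement grants an object-read action."""
    return not granted_read_actions(policy)


if __name__ == "__main__":
    for name, pol in (("answer policy", WRITE_ONLY_POLICY),
                      ("s3:* policy", OVERLY_BROAD_POLICY)):
        reads = sorted(granted_read_actions(pol))
        print(f"{name}: write-only={is_write_only(pol)} reads={reads}")
```

Note that the answer's policy still allows s3:ListBucket, so the instance can list key names in its own bucket (which sync --delete needs to know what to remove) even though it cannot fetch their contents; the checker treats listing as a write-side requirement, not a read of data.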