Is there an S3 policy for limiting access to only see/access one bucket?

by

I’ve been trying this for a while and finally came up with a working solution. You must use different “Resources” depending on the kind of action you’re performing. Also I included some missing actions in the previous answer (like DeleteObject) and restricting some more (like PutBucketAcl).

The following IAM policy is working for me now:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::itnighq",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:PutObjectVersionAcl"
      ],
      "Resource": "arn:aws:s3:::itnighq/*",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*",
      "Condition": {}
    }
  ]
}

The actions regarding a bucket and those regarding objects must have different arn.

More Related Contents:

  1. Restrict List of Buckets for a Specific User
  2. What is the algorithm to compute the Amazon-S3 Etag for a file larger than 5GB?
  3. Amazon S3 boto – how to create a folder?
  4. Set cache-control for entire S3 bucket automatically (using bucket policies?)
  5. Correct S3 + Cloudfront CORS Configuration?
  6. Exporting data from Google Cloud Storage to Amazon S3
  7. How to Configure SSL for Amazon S3 bucket
  8. How long should I wait after applying an AWS IAM policy before it is valid?
  9. Quick way to list all files in Amazon S3 bucket?
  10. How to get the md5sum of a file on Amazon’s S3
  11. Receive AccessDenied when trying to access a reload or refresh or one in new tab in angular 5
  12. How do I have an S3 bucket return 404 (instead of 403) for a key that does not exist in the bucket/
  13. AWS S3 copy files and folders between two buckets
  14. How to call Amazon S3 bucket using postdata preSigned Url to upload a file using Karate
  15. Getting Access Denied when calling the PutObject operation with bucket-level permission
  16. S3 Error: The difference between the request time and the current time is too large
  17. Best way to move files between S3 buckets?
  18. Amazon S3: Static Web Sites: Custom Domain or Subdomain
  19. What are valid S3 key names that can be accessed via the S3 rest API?
  20. Why are S3 and Google Storage bucket names a global namespace?
  21. Directory Listing in S3 Static Website
  22. Multiple Cloudfront Origins with Behavior Path Redirection
  23. nodejs, multer, aws S3
  24. check if a key exists in a bucket in s3 using boto3
  25. How to access s3a:// files from Apache Spark?
  26. Deploying react-redux app in AWS S3
  27. Serving gzipped CSS and JavaScript from Amazon CloudFront via S3
  28. Difference between upload() and putObject() for uploading a file to S3?
  29. How to specify a prefix when uploading to S3 using activestorage’s direct upload?
  30. How to return a PDF file from in-memory buffer using FastAPI?

Leave a Comment