0
votes

I have created a simple policy to access a specific bucket for an authenticated (access key/password) user. Following is the policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::xxxxxxx/*"
            ]
        }
    ]
}

But the user is not able to access it. If I replace Resource with "arn:aws:s3:::*", it works but shows all buckets to the attached user.

2
Can you please elaborate on what you are trying to achieve? - Hussain K
As mentioned in the question, a specific bucket for a specific user. - Mudasar Yasin

2 Answers

4
votes

Try this instead:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::xxxxxxx",
        "arn:aws:s3:::xxxxxxx/*"
      ]
    }
  ]
}

You need to grant access within the bucket (the /*) and then to the bucket itself, which is the part you are missing.

3
votes

As E.J. Brennan suggested, you can add the bucket itself to the Resource list, but that would give the user the right to delete the bucket itself. If you just want them to view the bucket and be able to modify the objects inside it, you can grant list access to the bucket in addition to what you currently have, like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::xxxxxxx"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::xxxxxxx/*"
            ]
        }
    ]
}
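Both answers turn on one rule that is easy to miss: s3:ListBucket is authorised against the bucket ARN (arn:aws:s3:::bucket), while object operations such as s3:GetObject are authorised against the object ARN (arn:aws:s3:::bucket/key). A statement whose only resource is "arn:aws:s3:::xxxxxxx/*" therefore never matches a listing request, which is why the question's policy fails, and "arn:aws:s3:::*" fixes it only by granting s3:* on every bucket and object in the account, not just a listing. The script below is an added example, not code from the question or either answer: it is a small offline evaluator covering only the part of IAM evaluation that matters here (wildcards in Action and Resource, explicit Deny beats Allow, no match means implicit deny) and runs the question's policy, the first answer's policy, the second answer's policy and a Deny-based variant against the three requests a user would actually make. The bucket name, the object key and the request set are constructed placeholders.

```python
"""Offline check of the policies on this page against typical S3 requests.

Added example, not code from the question or either answer. Models only the
slice of IAM evaluation needed here: '*' and '?' wildcards in Action and
Resource, an explicit Deny beats any Allow, and a request matching no
statement is implicitly denied. Conditions, NotAction/NotResource, resource
policies and permission boundaries are not modelled; for those use the real
engine via `aws iam simulate-custom-policy`.
"""
import fnmatch

BUCKET_ARN = "arn:aws:s3:::xxxxxxx"          # bucket placeholder from the page
OBJECT_ARN = BUCKET_ARN + "/reports/q1.csv"   # constructed object key

# The question's policy: only object ARNs are covered.
QUESTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*",
                   "Resource": [BUCKET_ARN + "/*"]}],
}

# First answer: bucket ARN and object ARN, every S3 action.
ANSWER1_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*",
                   "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"]}],
}

# Second answer: only ListBucket on the bucket, everything on the objects.
ANSWER2_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [BUCKET_ARN]},
        {"Effect": "Allow", "Action": "s3:*", "Resource": [BUCKET_ARN + "/*"]},
    ],
}

# Constructed variant of the first answer: keep s3:* but explicitly deny
# bucket-level destructive actions. An explicit Deny also wins over any
# other policy attached to the same user.
ANSWER1_WITH_DENY = {
    "Version": "2012-10-17",
    "Statement": ANSWER1_POLICY["Statement"] + [
        {"Effect": "Deny", "Action": ["s3:DeleteBucket", "s3:PutBucketPolicy"],
         "Resource": [BUCKET_ARN]},
    ],
}

# Constructed requests: what the console or CLI actually asks for.
# ListBucket is evaluated on the bucket ARN, GetObject on the object ARN.
REQUESTS = {
    "list_objects":  ("s3:ListBucket",   BUCKET_ARN),
    "get_object":    ("s3:GetObject",    OBJECT_ARN),
    "delete_bucket": ("s3:DeleteBucket", BUCKET_ARN),
}


def _as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def evaluate(policy, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one identity policy."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        # Action names are case-insensitive; ARNs are matched case-sensitively.
        action_hit = any(fnmatch.fnmatchcase(action.lower(), pat.lower())
                         for pat in _as_list(stmt.get("Action", [])))
        resource_hit = any(fnmatch.fnmatchcase(resource, pat)
                           for pat in _as_list(stmt.get("Resource", [])))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"            # explicit deny wins over any Allow
        decision = "Allow"
    return decision


def evaluate_all(policy):
    """Decision for every request in REQUESTS, keyed by request name."""
    return {name: evaluate(policy, act, res) for name, (act, res) in REQUESTS.items()}


if __name__ == "__main__":
    for name, policy in [("question", QUESTION_POLICY),
                         ("answer 1", ANSWER1_POLICY),
                         ("answer 2", ANSWER2_POLICY),
                         ("with deny", ANSWER1_WITH_DENY)]:
        print(f"{name:9s} {evaluate_all(policy)}")
```

Running it shows the question's policy allowing get_object but implicitly denying list_objects, the first answer allowing all three including delete_bucket, the second answer allowing listing and object access while leaving delete_bucket implicitly denied, and the Deny variant turning delete_bucket into an explicit Deny. Before attaching a real policy, confirm the same decisions with AWS's own evaluator, which also accounts for conditions and other attached policies: `aws iam simulate-custom-policy --policy-input-list file://policy.json --action-names s3:ListBucket s3:GetObject s3:DeleteBucket --resource-arns arn:aws:s3:::xxxxxxx arn:aws:s3:::xxxxxxx/reports/q1.csv`.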