I have an S3 bucket that is being used to host a static website. This example shows a policy that grants everyone access to the objects in the specified bucket (i.e. making the website public):
{
"Version":"2012-10-17",
"Statement":[{
"Sid":"PublicReadGetObject",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::example-bucket/*"]
}]
}
However, I want to make the website accessible to only specific Amazon users. So following this documentation, I specify these users in Principal
:
{
"Version":"2012-10-17",
"Statement":[{
"Sid":"PublicReadGetObject",
"Effect":"Allow",
"Principal": {
"AWS": "arn:aws:iam::Account-ID:user/Dave"
},
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::example-bucket/*"]
}]
}
While this correctly enables permissions for who can access the resource via the S3 console, it results in a 403 for everybody trying to access the hosted website.
Is it possible to have user-level permissions restricting access to a hosted bucket?