1
votes

What is advisable when one needs an IAM policy for more than two buckets? Bucket names are pretty different from one another.

  1. Combine all the access and put it in one IAM policy?
  2. Create n number of policies for n buckets?

If 1 is the answer, can someone help with an example of read/write permissions on two buckets 1. bucket-a 2. bucket-b

1 Answers

2
votes

Are you creating IAM User Policies or S3 Bucket Policies? I will assume S3 bucket policies for this answer.

S3 buckets can only have one policy applied at a time.

This S3 bucket policy will grant anonymous access to read (get) and write (put) objects for two buckets. Note, the anonymous users will not be able to list objects.

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":[
           "s3:GetObject",
           "s3:PutObject"
      ],
      "Resource":[
          "arn:aws:s3:::bucket-a/*",
          "arn:aws:s3:::bucket-b/*"
      ]
    }
  ]
}

Specifying Permissions in a Policy
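
For the IAM user policy case raised in the question, here is an added example (not part of the answer above, and not AWS code) that builds one identity policy covering any number of buckets and flags `Allow` statements open to every principal, such as the `"Principal": "*"` statement in the bucket policy above. The function names `build_identity_policy` and `anonymous_allows` are hypothetical, and including `s3:ListBucket` is an assumption about what the caller needs.

```python
import json

MANAGED_POLICY_MAX_CHARS = 6144  # IAM managed-policy size limit; whitespace is not counted


def build_identity_policy(buckets, list_objects=True):
    """One identity policy (no Principal element) with read/write on every named bucket."""
    names = sorted(set(buckets))
    if not names:
        raise ValueError("at least one bucket name is required")
    statements = [{
        "Sid": "ReadWriteObjects",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": [f"arn:aws:s3:::{b}/*" for b in names],  # object ARNs
    }]
    if list_objects:  # assumption: callers also need to list keys
        statements.append({
            "Sid": "ListBuckets",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{b}" for b in names],  # bucket ARNs, no /*
        })
    policy = {"Version": "2012-10-17", "Statement": statements}
    size = len(json.dumps(policy, separators=(",", ":")))
    if size > MANAGED_POLICY_MAX_CHARS:
        raise ValueError(f"{size} characters: split the buckets across several policies")
    return policy


def anonymous_allows(policy):
    """Sids of Allow statements open to every principal with no Condition."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    flagged = []
    for st in statements:
        principal = st.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        values = aws if isinstance(aws, list) else [aws]
        if st.get("Effect") == "Allow" and "*" in values and not st.get("Condition"):
            flagged.append(st.get("Sid", "<no Sid>"))
    return flagged


if __name__ == "__main__":
    print(json.dumps(build_identity_policy(["bucket-a", "bucket-b"]), indent=2))
```

The size check is what decides between one policy and several: a single policy works until the bucket list pushes it past the managed-policy limit.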