Allow IAM user to access single, access denied

0
votes

I have created IAM policy and assigned to IAM user.

Please find the policy 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::testingbucket00"
        },
        {
            "Sid": "VisualEditor3",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::testingbucket00/*"
        }
    ]
}

I unchecked "Block new public bucket policies" for s3 bucket testingbucket00.

I tried login aws console using IAM user listing all buckets, but showing "Access as Error".

I want to assign a single bucket to IAM user, please help on this.

1
amazon-web-servicesamazon-s3amazon-iam

1 Answers

1
votes

Even though this IAM user sees 'Error' as the Access value on s3 console, he has access given in the policy document to the bucket 'testingbucket00'.

However, if it is required to see the correct Access value, this IAM user needs to have permission to read bucket permissions. Add below permissions to the actions of the first (VisualEditor1) statement.

"s3:GetBucketPublicAccessBlock", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketPolicy", "s3:GetBucketPolicyStatus"