0
votes

I am adding an IAM user for read and write access to objects in an AWS S3 bucket from a React Native app. I plan to use signed URLs to access the objects in an S3 bucket, so the policy should be for programmatic access. The IAM user is created just for the purpose of read/write access to the S3 bucket. When I open the existing policies to choose from, there are only 4 S3-related policies:


I can use the read-only access. But I didn't find a write access permission. Full access to the bucket seems too much to give. Also, some of them have a description mentioning management console use, and I am not sure if the policy could be used programmatically.

1
What do you want the policy to do? How are you going to use the policy? What do you mean by "RN app"? Please edit your question to provide more information about what you are wanting to accomplish. - John Rotenstein
Have you tried the listed AmazonS3FullAccess one? Is it enough? Too permissive? - Anton
As @JohnRotenstein mentioned, edit your question with more details. There are other options (i.e. bucket policy) available which can fulfill your requirement, but all depends on more descriptive questions. - Nirmal
Anton, full access seems too much permission. What I need is to assign read and write access to the bucket object. - user938363

1 Answers

1
votes

It appears that you are asking how to assign read and write permissions on a specific bucket to a specific user.

This can be done by attaching an inline policy to the IAM User. It would be something like:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListAllMyBuckets"
         ],
         "Resource":"arn:aws:s3:::*"
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource":"arn:aws:s3:::examplebucket"
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:PutObject",
            "s3:PutObjectAcl",
            "s3:GetObject",
            "s3:GetObjectAcl",
            "s3:DeleteObject"
         ],
         "Resource":"arn:aws:s3:::examplebucket/*"
      }
   ]
}

Please note that some permissions are granted against the bucket (e.g. ListBucket) while some are granted within the bucket (e.g. GetBucket).

See: User Policy Examples - Amazon Simple Storage Service
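To see the bucket-level versus object-level scoping in the answer concretely, here is an added example (not part of the answer) that evaluates the policy above offline with a simplified IAM matcher and contrasts it with a constructed `s3:*` on `*` grant like the full-access option mentioned in the comments. It ignores conditions and principals; `examplebucket` is the placeholder name from the answer.

```python
"""Offline, simplified IAM evaluator for the S3 bucket/object scoping point above."""
import fnmatch
import json

# The answer's inline policy, copied as-is (examplebucket is a placeholder name).
BUCKET_POLICY = json.loads("""
{
   "Version":"2012-10-17",
   "Statement":[
      {"Effect":"Allow","Action":["s3:ListAllMyBuckets"],"Resource":"arn:aws:s3:::*"},
      {"Effect":"Allow","Action":["s3:ListBucket","s3:GetBucketLocation"],
       "Resource":"arn:aws:s3:::examplebucket"},
      {"Effect":"Allow","Action":["s3:PutObject","s3:PutObjectAcl","s3:GetObject",
                                  "s3:GetObjectAcl","s3:DeleteObject"],
       "Resource":"arn:aws:s3:::examplebucket/*"}
   ]
}
""")

# Constructed stand-in for a "full access" style grant, used only for contrast.
FULL_ACCESS_POLICY = {"Version": "2012-10-17",
                      "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}


def _as_list(value):
    # IAM allows Action/Resource to be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Simplified IAM logic: an explicit Deny wins, otherwise any matching Allow grants.
    Actions match case-insensitively with * wildcards; conditions are not modelled."""
    decision = False
    for stmt in policy["Statement"]:
        action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource, r)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            decision = True
    return decision


def allowed_actions(policy, resource, candidates):
    """Return the sorted subset of candidate actions the policy allows on one resource."""
    return sorted(a for a in candidates if is_allowed(policy, a, resource))


if __name__ == "__main__":
    obj = "arn:aws:s3:::examplebucket/uploads/photo.jpg"
    print(allowed_actions(BUCKET_POLICY, obj, ["s3:GetObject", "s3:PutObject", "s3:DeleteBucket"]))
    print(allowed_actions(FULL_ACCESS_POLICY, "arn:aws:s3:::otherbucket", ["s3:DeleteBucket"]))
```

Note that `s3:GetObject` on the bare bucket ARN and `s3:ListBucket` on an object ARN both evaluate to denied, which is why the answer splits the statements by resource.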