What permissions are needed to delete an object from a specific bucket in S3

Question

I am trying to create an IAM policy for a lambda role which will give permissions to delete an object. If I do not specify the resource this policy works, but I would like to limit it to the specific bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::bucketname/*",
                "arn:aws:s3:::bucketname"
            ]
        }
    ] }

What am I missing here?

Why do you have PutObject, GetObject, and ListBucket in your policy? — jarmod

samtoddler samtoddler · Accepted Answer · 2021-01-04T17:28:34

From the documentation

        {
    "Version":"2012-10-17",
    "Statement":[
        {
            "Effect":"Allow",
            "Action":["s3:ListBucket","s3:GetBucketLocation"],
            "Resource":"arn:aws:s3:::awsexamplebucket1"
        },
        {
            "Effect":"Allow",
            "Action":[
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:DeleteObject"
            ],
            "Resource":"arn:aws:s3:::awsexamplebucket1/*"
        }
    ]
    }

Make sure, the IAM role for your lambda has trust policy setup.

What permissions are needed to delete an object from a specific bucket in S3

2 Answers