0
votes

I know how to create a user through the AWS Console in IAM, but I wonder where or how I should set the permissions for that user so that they can only:

  • upload/delete files to a specific folder in a specific S3 bucket

I have this bucket:

[screenshot of the S3 bucket]

So I wonder if I have to set up the permissions in that interface, or directly on the user in the IAM service.

I'm creating a Group there with this policy:

[screenshot of the group's policy]

but for "Write" and "Read" there are a lot of policies; which ones do I need just to write/read files in a specific bucket?

Edit: Currently I have this policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:ListBucket",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::static.XXXXXX.com/images/carousel/*",
            "Condition": {
                "BoolIfExists": {
                    "aws:MultiFactorAuthPresent": "true"
                }
            }
        }
    ]
}

I wonder if that is enough to:

  • log in to the AWS Console
  • go to S3 buckets and delete/read objects in the folder of the bucket that I want

2 Answers

1
votes

You can attach a role to that user that gets a custom policy (Doc).

There you can choose the service, the actions which you want to allow and also the resources which are whitelisted.

0
votes

You can either use a resource-based policy attached to S3 or an identity-based policy attached to an IAM user, group or role.

Identity-based policies and resource-based policies

You can attach the identity policy below to the user to upload/delete files to a specific folder in a specific S3 bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::SAMPLE-BUCKET-NAME/foldername/*"
        }
    ]
}

For more details, refer to Grant Access to User-Specific Folders in an Amazon S3 Bucket.
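As an added example (not code from the question or from either answer), the script below builds an identity-based policy that puts together the pieces discussed in the question and the two answers: `s3:ListBucket` granted on the bucket ARN with an `s3:prefix` condition (the question's policy grants it on an object ARN, so the console listing would be denied), and `s3:PutObject`/`s3:DeleteObject` granted on the folder's objects with the trailing `/*`. It also includes a deliberately simplified local matcher so you can see which requests each policy would allow before attaching it. `example-bucket`, `images/carousel`, and the function names `folder_scoped_policy`, `question_style_policy` and `allows` are placeholders and names introduced here; the matcher models only `Allow` statements with wildcard matching and is not a substitute for the IAM policy simulator.

```python
"""Folder-scoped S3 policy plus a local sanity check.

Added example, not from the original post. Bucket and folder names are
placeholders. The `allows` matcher is a simplified model of IAM evaluation
(Allow statements only, "*" wildcard matching, the s3:prefix condition treated
as a wildcard match on the requested prefix); use the real IAM policy
simulator for an authoritative answer.
"""
import fnmatch
import json
from typing import Optional

BUCKET = "example-bucket"    # placeholder bucket name
FOLDER = "images/carousel"   # placeholder key prefix ("folder")


def folder_scoped_policy(bucket: str, folder: str) -> dict:
    """Least-privilege policy: console bucket listing restricted to one
    prefix, plus put/delete on objects under that prefix only."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                # Lets the S3 console render the bucket list at all.
                "Sid": "ConsoleBucketList",
                "Effect": "Allow",
                "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
                "Resource": "arn:aws:s3:::*",
            },
            {
                # ListBucket is a bucket-level action: the resource must be the
                # bucket ARN; the prefix condition limits listing to the folder.
                "Sid": "ListOnlyTheFolder",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{folder}/*", folder]}},
            },
            {
                # Object-level actions apply to object ARNs; the trailing /*
                # is what scopes them to keys under the folder.
                "Sid": "WriteDeleteInFolder",
                "Effect": "Allow",
                "Action": ["s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{folder}/*",
            },
        ],
    }


def question_style_policy(bucket: str, folder: str) -> dict:
    """Shape of the policy in the question: ListBucket granted on an object
    ARN, which never matches the bucket ARN that ListBucket is evaluated on."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:ListBucket", "s3:DeleteObject"],
            "Resource": f"arn:aws:s3:::{bucket}/{folder}/*",
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allows(policy: dict, action: str, resource: str,
           prefix: Optional[str] = None) -> bool:
    """Simplified check: does some Allow statement match the action and the
    resource ARN (and, if it carries an s3:prefix condition, the prefix)?"""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            continue
        wanted = st.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        if wanted is not None:
            # A prefix condition with no prefix supplied (or a non-matching
            # one) means this statement does not apply.
            if prefix is None or not any(
                fnmatch.fnmatchcase(prefix, p) for p in _as_list(wanted)
            ):
                continue
        return True
    return False


if __name__ == "__main__":
    policy = folder_scoped_policy(BUCKET, FOLDER)
    print(json.dumps(policy, indent=2))
    print("list folder:", allows(policy, "s3:ListBucket",
                                 f"arn:aws:s3:::{BUCKET}", prefix=f"{FOLDER}/"))
    print("put outside folder:", allows(policy, "s3:PutObject",
                                        f"arn:aws:s3:::{BUCKET}/other/x.png"))
```

The MFA condition from the question (`BoolIfExists` on `aws:MultiFactorAuthPresent`) can be added to each of the three statements unchanged; it is orthogonal to the resource scoping shown here. Note that `s3:ListAllMyBuckets` still reveals the names of every bucket in the account, which is the price of browsing to the bucket through the console rather than via a direct URL or the CLI.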