I have a user foo with the following privileges (it's not a member of any group):
    {
      "Statement": [
        {
          "Sid": "Stmt1308813201865",
          "Action": "s3:*",
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::bar"
        }
      ]
    }
That user, however, seems unable to upload or do much of anything until I grant full access to authenticated users (which might apply to anyone). This still doesn't let the user change permission as boto is throwing an error after an upload when it tries to do key.set_acl('public-read').
Ideally this user would have full access to the bar bucket and nothing else, what am I doing wrong?
You need to grant s3:ListBucket permission to the bucket itself. Try the policy below.
    {
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "S3:*",
          "Resource": "arn:aws:s3:::bar/*",
          "Condition": {}
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket"
          ],
          "Resource": "arn:aws:s3:::bar",
          "Condition": {}
        }
      ]
    }
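To see why the two policies behave differently, here is an added example (not part of the original question or answer) that runs a simplified IAM match over both. It assumes only Effect, Action and Resource matter (no conditions, bucket ACLs or bucket policies); the request list, the key name photo.jpg and the mapping of key.set_acl to s3:PutObjectAcl are constructed for illustration.

```python
import re

# The two policies from this page, reduced to the fields evaluated here.
QUESTION_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::bar"},
]}
ANSWER_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "S3:*", "Resource": "arn:aws:s3:::bar/*"},
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::bar"},
]}

def _wild(pattern, value, ignore_case=False):
    """IAM-style wildcard match: * is any run of characters, ? is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Explicit Deny wins, then any matching Allow, otherwise implicit deny."""
    allowed = False
    for st in policy["Statement"]:
        # Action names are matched case-insensitively, resource ARNs are not.
        hit = (any(_wild(a, action, True) for a in _as_list(st["Action"]))
               and any(_wild(r, resource) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

# Constructed requests: bucket-level actions target the bucket ARN,
# object-level actions target an object ARN under it.
REQUESTS = [
    ("s3:ListBucket",   "arn:aws:s3:::bar"),              # listing keys
    ("s3:PutObject",    "arn:aws:s3:::bar/photo.jpg"),    # the upload
    ("s3:PutObjectAcl", "arn:aws:s3:::bar/photo.jpg"),    # key.set_acl(...)
    ("s3:GetBucketAcl", "arn:aws:s3:::bar"),              # other bucket-level call
    ("s3:PutObject",    "arn:aws:s3:::other/photo.jpg"),  # a different bucket
]

def compare():
    """Return (action, resource, allowed_by_question, allowed_by_answer) rows."""
    return [(a, r, is_allowed(QUESTION_POLICY, a, r), is_allowed(ANSWER_POLICY, a, r))
            for a, r in REQUESTS]

if __name__ == "__main__":
    for action, resource, q, ans in compare():
        print(f"{action:16} {resource:30} question={q!s:5} answer={ans}")
```

The question's policy matches only the bucket ARN, so every object-level request falls through to implicit deny. The answer's policy grants object actions plus s3:ListBucket, and leaves other bucket-level actions such as s3:GetBucketAcl denied.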