1 answer
0
Hi Gouda!
Organizing your scenario:
- Your bucket should be publicly accessible through a URL.
- Anyone can retrieve objects from the bucket.
- Only IAM users can upload (put) objects into the bucket.
You can use the following bucket policy to implement this:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
    },
    {
      "Sid": "IAMPutObject",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::YOUR_AWS_ACCOUNT_ID:user/YOUR_IAM_USERNAME"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
    }
  ]
}
```
Make the right replacements in the policy.
Remember to attach the necessary S3 permissions to the IAM user's permissions policy to allow uploading objects.
I'll keep tracking your comments to see if you've found a resolution.
answered 8 months ago
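A pre-deployment check for the policy in the answer above, added here as an example and not part of the original answer: it reports any statement that grants the anonymous principal something other than `s3:GetObject`. The function names, the bucket name `example-bucket`, the account ID `111122223333` and the user `example-uploader` are assumed placeholders.

```python
import copy

ALLOWED_PUBLIC = {"s3:getobject"}  # the only action the scenario opens to everyone

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_public(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (alone or in a list)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def audit(policy):
    """Return (Sid, action) pairs where an anonymous Allow goes beyond ALLOWED_PUBLIC.
    Condition blocks are ignored, so a conditioned public grant is still reported."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or not is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:  # "everything except ..." granted to everyone
            findings.append((sid, "NotAction"))
            continue
        for action in as_list(stmt.get("Action", [])):
            if action.lower() not in ALLOWED_PUBLIC:  # action names are case-insensitive
                findings.append((sid, action))
    return findings

# Constructed sample: the policy from the answer with placeholder values filled in.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "IAMPutObject", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:user/example-uploader"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}
# Constructed mistake: the upload statement's principal replaced by a wildcard.
BROKEN = copy.deepcopy(POLICY)
BROKEN["Statement"][1]["Principal"] = {"AWS": "*"}

if __name__ == "__main__":
    print(audit(POLICY))  # []
    print(audit(BROKEN))  # [('IAMPutObject', 's3:PutObject')]
```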
Agree with the Get object. The PutObject, technically if it's in the same account, you could just use IAM policies instead of using the bucket policy to grant access.