S3 prefix-selective cross-account permissions

0

Hi Experts I need to create selective permissions set on a single S3 bucket for different AWS accounts (either role or user) on a per prefix. example for the structure in the S3 bucket: my_s3_bucket/account1 my_s3_bucket/account2

I want to enable account1\2 programmatic access to put\get\delete objects on their corresponding prefixes without seeing\listing any other account`s prefix Is this a support pattern? If yes - how should it be implemented.

Thanks

1 réponse
0

Hi BoazG,

check out this blog from aws in wich it is configured with iam-users. But it should be the same procedure with external accounts.

Also you should configure it as a bucket resource policy.

https://aws.amazon.com/de/premiumsupport/knowledge-center/iam-s3-user-specific-folder/

profile picture
HeikoMR
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions