En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Allowing an IAM user access (Uploading and Deleting) to one of our specific buckets.

0

Hello everyone, I am very new in configuring and setting up permissions to our AWS users. I am trying to give permission to one of our AIM account users to delete and upload objects to one of existed buckets. That would be very nice of you if you can help me and write me the steps to follow. I have already done the following: I have already created a group and added the desired username. I have created a policy and attached it the group. I added some JSON commands too, but I do not know why it does not work.

Please help me assign the rights to the user that he can upload and delete an object. Many thanks in advance.

  • Dylan Zenner
    il y a 7 mois

    Can you paste in the JSON that you have tried? Remove any PII data

Sujets
Sécurité, identité et conformité
Balises
Gestion des identités et des accès AWSPolitiques IAM
Langue
English
huma
demandé il y a 7 mois254 vues
2 réponses
1
Réponse acceptée

Hi Huma, I hope you are doing great. It is not clear for me if the user you are trying to configure will need programmatic access (using the terminal commands) or it needs access through the AWS Management Console.

If your user needs programmatic access, The policy attached to your group should be like the following.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET/*"]
    }
  ]
}

If your user needs access through the AWS Management Console, the policy attached to your group should be like the following.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET/*"]
    }
  ]
}

I hope the above helps for your user case.

Have a great week ahead!

profile pictureAWS
EXPERT
Sercast
répondu il y a 7 mois
profile picture
EXPERT
Giovanni Lauria
vérifié il y a un mois
  • huma
    il y a 7 mois

    Thanks a lot, our user needs access through the AWS Management Console. I will compare my JSON code with yours, but it seems to be the same. I still will review. I hope it works.

  • huma
    il y a 7 mois

    I had the same code, but the only mistake was "*". I did not give it to the end of the source path. Thanks again for your help.

1

Without the specific JSON I won't be able to tell what you've done wrong but if you follow these steps you'll be able to give the user the required permissions to the bucket: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html#iam-policy-ex0:~:text=within%20your%20organization-,Allowing%20an%20IAM%20user%20access%20to%20one%20of%20your%20buckets,-In%20this%20example

Dylan Zenner
répondu il y a 7 mois
  • huma
    il y a 7 mois

    Thank you so much. I have followed the same link as you sent me, but it is not working.

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents