AWS re:Postを使用することにより、以下に同意したことになります AWS re:Post 利用規約
AWS re:Postre:Post

Allowing an IAM user access (Uploading and Deleting) to one of our specific buckets.

0

Hello everyone, I am very new in configuring and setting up permissions to our AWS users. I am trying to give permission to one of our AIM account users to delete and upload objects to one of existed buckets. That would be very nice of you if you can help me and write me the steps to follow. I have already done the following: I have already created a group and added the desired username. I have created a policy and attached it the group. I added some JSON commands too, but I do not know why it does not work.

Please help me assign the rights to the user that he can upload and delete an object. Many thanks in advance.

  • Dylan Zenner
    7ヶ月前

    Can you paste in the JSON that you have tried? Remove any PII data

トピック
セキュリティ、アイデンティティ、コンプライアンス
タグ
AWS Identity and Access ManagementIAM ポリシー
言語
English
huma
質問済み 7ヶ月前255ビュー
2回答
1
承認された回答

Hi Huma, I hope you are doing great. It is not clear for me if the user you are trying to configure will need programmatic access (using the terminal commands) or it needs access through the AWS Management Console.

If your user needs programmatic access, The policy attached to your group should be like the following.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET/*"]
    }
  ]
}

If your user needs access through the AWS Management Console, the policy attached to your group should be like the following.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET/*"]
    }
  ]
}

I hope the above helps for your user case.

Have a great week ahead!

profile pictureAWS
エキスパート
Sercast
回答済み 7ヶ月前
profile picture
エキスパート
Giovanni Lauria
レビュー済み 2ヶ月前
  • huma
    7ヶ月前

    Thanks a lot, our user needs access through the AWS Management Console. I will compare my JSON code with yours, but it seems to be the same. I still will review. I hope it works.

  • huma
    7ヶ月前

    I had the same code, but the only mistake was "*". I did not give it to the end of the source path. Thanks again for your help.

1

Without the specific JSON I won't be able to tell what you've done wrong but if you follow these steps you'll be able to give the user the required permissions to the bucket: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html#iam-policy-ex0:~:text=within%20your%20organization-,Allowing%20an%20IAM%20user%20access%20to%20one%20of%20your%20buckets,-In%20this%20example

Dylan Zenner
回答済み 7ヶ月前
  • huma
    7ヶ月前

    Thank you so much. I have followed the same link as you sent me, but it is not working.

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ