Allowing an IAM user access (Uploading and Deleting) to one of our specific buckets.

0

Hello everyone, I am very new to configuring and setting up permissions for our AWS users. I am trying to give permission to one of our IAM account users to delete and upload objects to one of our existing buckets. It would be very nice of you if you could help me and write me the steps to follow. I have already done the following: I have already created a group and added the desired username. I have created a policy and attached it to the group. I added some JSON commands too, but I do not know why it does not work.

Please help me assign the rights to the user that he can upload and delete an object. Many thanks in advance.

  • Can you paste in the JSON that you have tried? Remove any PII data

huma
asked 7 months ago · 257 views
2 Answers
1
Accepted Answer

Hi Huma, I hope you are doing great. It is not clear to me whether the user you are trying to configure will need programmatic access (using the terminal commands) or access through the AWS Management Console.

If your user needs programmatic access, the policy attached to your group should be like the following.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET/*"]
    }
  ]
}  

If your user needs access through the AWS Management Console, the policy attached to your group should be like the following.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET/*"]
    }
  ]
}

I hope the above helps for your user case.

Have a great week ahead!

AWS
EXPERT
Sercast
answered 7 months ago
EXPERT
reviewed 2 months ago
  • Thanks a lot, our user needs access through the AWS Management Console. I will compare my JSON code with yours, but it seems to be the same. I still will review. I hope it works.

  • I had the same code, but the only mistake was "*". I did not give it to the end of the source path. Thanks again for your help.
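The accepted answer's split between the bucket ARN (for s3:ListBucket) and the object ARN ending in /* (for PutObject, GetObject, DeleteObject) can be checked mechanically. The following is an added example, not code from the thread or from AWS: the function names, the small action sets and the BROKEN policy are constructed for illustration, and the check ignores action wildcards, NotAction/NotResource and conditions.

```python
# Added example: constructed subset of S3 actions, grouped by the resource type they act on.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject"}

def as_list(value):
    """IAM allows Action/Resource to be a single string or a list."""
    return value if isinstance(value, list) else [value]

def arn_targets(arn):
    """Return which S3 resource types an ARN pattern can match."""
    if arn == "*":
        return {"bucket", "object"}
    name = arn.split(":::", 1)[-1]
    if "/" in name:
        return {"object"}  # arn:aws:s3:::bucket/key-pattern
    # IAM wildcards also match "/", so "bucket*" covers "bucket/key" too.
    return {"bucket", "object"} if "*" in name else {"bucket"}

def lint_policy(policy):
    """List (statement index, action, hint) where an Allow pairs an action with the wrong ARN type."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        targets = set()
        for arn in as_list(stmt.get("Resource", [])):
            targets |= arn_targets(arn)
        for action in as_list(stmt.get("Action", [])):
            if action in OBJECT_ACTIONS and "object" not in targets:
                findings.append((i, action, "use an object ARN: arn:aws:s3:::BUCKET/*"))
            elif action in BUCKET_ACTIONS and "bucket" not in targets:
                findings.append((i, action, "use the bucket ARN: arn:aws:s3:::BUCKET"))
    return findings

def console_policy(object_resource):
    """The accepted answer's console policy with a chosen Resource for the object actions."""
    bucket = "arn:aws:s3:::NAME-OF-YOUR-BUCKET"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [bucket]},
        {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
         "Resource": [object_resource]},
    ]}

ACCEPTED = console_policy("arn:aws:s3:::NAME-OF-YOUR-BUCKET/*")
BROKEN = console_policy("arn:aws:s3:::NAME-OF-YOUR-BUCKET")  # constructed: "/*" left off

if __name__ == "__main__":
    for name, policy in (("accepted", ACCEPTED), ("broken", BROKEN)):
        print(name, lint_policy(policy) or "no findings")
```

Running the same check over a policy before attaching it to a group catches the mismatch without waiting for an AccessDenied in the console.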

1

Without the specific JSON I won't be able to tell what you've done wrong but if you follow these steps you'll be able to give the user the required permissions to the bucket: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html#iam-policy-ex0:~:text=within%20your%20organization-,Allowing%20an%20IAM%20user%20access%20to%20one%20of%20your%20buckets,-In%20this%20example

answered 7 months ago
  • Thank you so much. I have followed the same link as you sent me, but it is not working.
