1 Answer
- Newest
- Most votes
- Most comments
0
I would use S3 Access Points to achieve this. You can read the full documentation here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
Each access point has distinct permissions and network controls that S3 applies for any request that is made through that access point. Each access point enforces a customized access point policy that works in conjunction with the bucket policy that is attached to the underlying bucket.
An example of an access point policy to grant access to a Prefix (folder) is here:/
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Statement1", "Principal": { "AWS": "arn:aws:iam::123456789012:root" }, "Effect": "Allow", "Action": [ "s3:*" ], "Resource": [ "arn:aws:s3:us-west-2:123456789012:accesspoint/tester" ], "Condition": { "StringEquals": { "s3:prefix": [ "asdf" ] } } } ] }
answered 2 years ago
Relevant content
- asked 8 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 8 months ago