S3: How to restrict IAM access to one Bucket

0

How can I restrict IAM access for a user to a single bucket?

asked 2 years ago · 348 views
2 Answers
0

The following AWS official document contains a sample policy, which we hope will be helpful. [1]

[1] User policy examples - Amazon Simple Storage Service
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html#iam-policy-ex0
----- excerpt -----

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action": "s3:ListAllMyBuckets",
         "Resource":"*"
      },
      {
         "Effect":"Allow",
         "Action":["s3:ListBucket","s3:GetBucketLocation"],
         "Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET1"
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:PutObject",
            "s3:PutObjectAcl",
            "s3:GetObject",
            "s3:GetObjectAcl",
            "s3:DeleteObject"
         ],
         "Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET1/*"
      }
   ]
}

----- excerpt -----

mn87
answered 2 years ago
0

If the IAM User already exists, you can make changes to the user from the IAM Management Console. You will want to check to see what access is already set for the User and remove any access that may allow them more access than you would like. The Access Advisor tab is helpful here.

Providing access to the target bucket can then be done in several ways. A direct option would be to use the "Add Inline Policy" link from the Permissions tab. From there you can use the policy example linked by @mn87 in the other answer as a template to get what you need. As you make tweaks to the policy, use the Access Advisor to ensure that their access is limited to what you want.

answered 2 years ago
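The two answers together amount to: take the single-bucket policy from the AWS doc, attach it to the user as an inline policy, and then confirm the user can reach nothing else. The following is an added example (not code from either answer or from AWS) that builds that policy for a given bucket name, includes the programmatic equivalent of the console's "Add inline policy" step via boto3's put_user_policy, and runs a small local evaluator over sample requests so you can see the scope of the policy before attaching it. The evaluator is a deliberately simplified model of IAM evaluation (no Conditions, NotAction/NotResource, resource policies or SCPs); for a real account, AWS's own IAM policy simulator remains the authoritative check.

```python
import fnmatch
import json


def single_bucket_policy(bucket: str) -> dict:
    """The single-bucket user policy from the AWS doc excerpt, parameterised on the bucket name."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Listing all bucket names is account-wide, so the resource has to be "*".
            {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
            # Bucket-level actions are scoped to the bucket ARN itself ...
            {"Effect": "Allow",
             "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            # ... while object-level actions need the "/*" suffix on the ARN.
            {"Effect": "Allow",
             "Action": ["s3:PutObject", "s3:PutObjectAcl", "s3:GetObject",
                        "s3:GetObjectAcl", "s3:DeleteObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified IAM evaluation: an explicit Deny wins, otherwise any matching Allow grants.
    Action/Resource use IAM's '*' and '?' wildcards; actions compare case-insensitively.
    Conditions, NotAction/NotResource and other policy types are not modelled."""
    allowed = False
    for stmt in policy["Statement"]:
        action_match = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                           for a in _as_list(stmt.get("Action", [])))
        resource_match = any(fnmatch.fnmatchcase(resource, r)
                             for r in _as_list(stmt.get("Resource", [])))
        if action_match and resource_match:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def attach_as_inline_policy(user_name: str, bucket: str, policy_name: str = "SingleBucketAccess"):
    """Programmatic equivalent of the console's 'Add inline policy' (needs boto3 and credentials)."""
    import boto3  # imported here so the rest of this module runs offline
    boto3.client("iam").put_user_policy(UserName=user_name, PolicyName=policy_name,
                                        PolicyDocument=json.dumps(single_bucket_policy(bucket)))
```

Note that the policy grants nothing outside the named bucket except listing bucket names, and it does not grant bucket-level destructive actions such as s3:DeleteBucket.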
