2 Answers
1
You can use tags on the IAM users and on the buckets and then create a policy that allows access if the values of these tags are equal, using the same policy for each user. Something like this:
    {
        "Version": "2012-10-17",
        "Statement": {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/Owner": "${aws:PrincipalTag/Name}"
                }
            }
        }
    }
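The tag-matching condition in the policy above can be exercised offline with a small model of how the policy variable and `StringEquals` are evaluated. This is an added example, not part of the original answer and not AWS's evaluation engine; the helpers `resolve` and `is_allowed` and the sample tag values are hypothetical, and the model covers only this single Allow statement.

```python
import re
from fnmatch import fnmatchcase

# The policy from the answer, with the Action value quoted so it is valid JSON.
POLICY = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "*",
        "Condition": {"StringEquals": {
            "aws:ResourceTag/Owner": "${aws:PrincipalTag/Name}"}},
    },
}

VAR = re.compile(r"\$\{([^}]+)\}")

def resolve(value, context):
    """Substitute ${key} policy variables; return None if a key is absent."""
    if any(k not in context for k in VAR.findall(value)):
        return None
    return VAR.sub(lambda m: context[m.group(1)], value)

def is_allowed(action, principal_tags, resource_tags, policy=POLICY):
    """Simplified model: one Allow statement, StringEquals only, implicit deny."""
    stmt = policy["Statement"]
    # Request context built from the tags on the caller and on the bucket.
    context = {f"aws:PrincipalTag/{k}": v for k, v in principal_tags.items()}
    context.update({f"aws:ResourceTag/{k}": v for k, v in resource_tags.items()})
    # Action names are matched case-insensitively, with * as a wildcard.
    if stmt["Effect"] != "Allow" or not fnmatchcase(action.lower(), stmt["Action"].lower()):
        return False
    for key, expected in stmt["Condition"]["StringEquals"].items():
        wanted = resolve(expected, context)
        # A missing tag or an unresolved variable means the condition does not match.
        if wanted is None or context.get(key) != wanted:
            return False
    return True

if __name__ == "__main__":
    # Constructed sample tags: (principal Name tag, bucket Owner tag).
    for name, owner in [("alice", "alice"), ("bob", "alice"), ("Alice", "alice")]:
        print(name, owner, is_allowed("s3:GetObject", {"Name": name}, {"Owner": owner}))
```

In this model a user without a `Name` tag, or a bucket without an `Owner` tag, gets nothing from the statement, and the tag values are compared case-sensitively.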
1
Hi, yes: you can have a single policy and use IAM conditions to allow access to a given principal. Have a look at https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html and search for aws:PrincipalArn on this page to see examples.