By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Single IAM Policy for multiple users to access particular S3 bucket.

0

I want to create a policy for IAM. I have 3 IAM users and 3 S3 buckets. Each user can access only one bucket. Is it possible to create one IAM policy to meet the requirements or I have to create 3 different policies? Thank you.

Topics
StorageSecurity, Identity, & Compliance
Tags
Amazon Simple Storage ServiceAWS Identity and Access ManagementIAM Policies
Language
English
rePost-User-6606575
asked a year ago343 views
2 Answers
1
Accepted Answer

You can use tags on the IAM users and on the buckets and then create a policy that allows access if the values of these tags are equal, using the same policy for each user. Something like this:

{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": s3:*,
        "Resource": "*",
        "Condition": {"StringEquals": 
            {"aws:ResourceTag/Owner": "${aws:PrincipalTag/Name}"}}
    }
}
profile pictureAWS
EXPERT
kentrad
answered a year ago
1

Hi, yes: you can have a single policy and use IAM conditions to allow to a given principal Have a look at https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html And search for aws:PrincipalArn in this page to see examples

profile pictureAWS
EXPERT
Didier_Durand
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content