1 Answer
Hi, I would suggest writing a resource-based policy on the bucket with a condition containing the username, assuming that the user is identified as described in
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html
See the proposed example:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": ["s3:ListBucket"],
            "Effect": "Allow",
            "Resource": ["arn:aws:s3:::mybucket"],
            "Condition": {"StringLike": {"s3:prefix": ["${aws:username}/*"]}}
        },
        {
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Effect": "Allow",
            "Resource": ["arn:aws:s3:::mybucket/${aws:username}/*"]
        }
    ]
}
You may then make it more solid by adding global condition keys relevant to your use case; see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
For example, aws:referer may be useful to tighten the policy.
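As an added example that is not part of the original answer: a small offline model, in Python with only the standard library, of how IAM evaluates the posted policy once ${aws:username} has been substituted. It implements StringLike wildcard matching and default-deny evaluation, and exercises the cases that tend to surprise people: a ListBucket call with no prefix, or with a prefix of just the username and no trailing slash, is denied, and so is an object under a sibling prefix such as alice-old/. The model does not evaluate Principal (a real bucket policy must carry one, which the posted text omits); the user name alice, the object keys and the prefixes below are constructed inputs.

```python
import json
import re

# The policy from the answer above, unchanged. Principal is absent here, so this
# model only evaluates Action, Resource and Condition for an already-identified caller.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": ["s3:ListBucket"],
            "Effect": "Allow",
            "Resource": ["arn:aws:s3:::mybucket"],
            "Condition": {"StringLike": {"s3:prefix": ["${aws:username}/*"]}},
        },
        {
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Effect": "Allow",
            "Resource": ["arn:aws:s3:::mybucket/${aws:username}/*"],
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def substitute(text, username):
    """Resolve the policy variable ${aws:username} the way IAM does at evaluation time."""
    return text.replace("${aws:username}", username)


def string_like(pattern, value):
    """IAM StringLike: case-sensitive; '*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.DOTALL) is not None


def _conditions_match(condition, username, context):
    for operator, keys in condition.items():
        if operator != "StringLike":
            raise NotImplementedError(f"operator {operator} not modelled here")
        for key, patterns in keys.items():
            value = context.get(key)
            if value is None:
                return False  # a condition key absent from the request never satisfies StringLike
            if not any(string_like(substitute(p, username), value) for p in _as_list(patterns)):
                return False
    return True


def is_allowed(policy, username, action, resource, context=None):
    """Default-deny evaluation of one request against the policy's statements.

    context carries request condition keys, e.g. {"s3:prefix": "alice/"} for ListBucket.
    """
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        # Action names are matched case-insensitively by IAM.
        if not any(string_like(a.lower(), action.lower()) for a in _as_list(stmt["Action"])):
            continue
        resources = [substitute(r, username) for r in _as_list(stmt["Resource"])]
        if not any(string_like(r, resource) for r in resources):
            continue
        if not _conditions_match(stmt.get("Condition", {}), username, context):
            continue
        if stmt["Effect"] == "Deny":
            return False  # an explicit Deny overrides any Allow
        allowed = True
    return allowed


def effective_policy(policy, username):
    """The policy as it reads for one caller, with the variable resolved (handy for review)."""
    return json.loads(substitute(json.dumps(policy), username))


if __name__ == "__main__":
    bucket, user = "arn:aws:s3:::mybucket", "alice"  # constructed caller and bucket
    checks = [
        ("ListBucket, own prefix", "s3:ListBucket", bucket, {"s3:prefix": "alice/"}),
        ("ListBucket, no prefix", "s3:ListBucket", bucket, {}),
        ("ListBucket, username without slash", "s3:ListBucket", bucket, {"s3:prefix": "alice"}),
        ("GetObject, own key", "s3:GetObject", bucket + "/alice/report.txt", {}),
        ("GetObject, sibling prefix", "s3:GetObject", bucket + "/alice-old/report.txt", {}),
        ("DeleteObject, own key", "s3:DeleteObject", bucket + "/alice/report.txt", {}),
    ]
    for label, action, resource, ctx in checks:
        print(f"{label:40s} -> {'ALLOW' if is_allowed(BUCKET_POLICY, user, action, resource, ctx) else 'DENY'}")
    print(json.dumps(effective_policy(BUCKET_POLICY, user), indent=2))
```

The practical consequence of the no-prefix case is that any client or console listing the bucket must send a Prefix of "<username>/" for ListBucket to succeed; the object statements need no such care because the key itself carries the prefix.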