Hello.
To get the list of buckets in the management console, you need the "s3:ListAllMyBuckets" action, but this action cannot be restricted in the resource section, so you cannot restrict it to only specific buckets.
In other words, when displaying the S3 bucket list screen from the management console, it is not possible to display only a specific S3 bucket.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html
I thought that if the "s3:ListBucket" action etc. restricted the resource section at the bucket level, it would be possible to restrict object viewing, so there would be no problem.
I understand, and thank you for your immediate response. Now, considering what you have cited, if I make changes so that instead of having 3 different buckets I have 1 bucket with 3 different folders, one for each user, can I apply the specific access I was discussing? User1 can see all folders, but user2 will see folder2 and user3 folder3. If this is doable, please guide me toward taking these steps, such as whether there are any IAM policies or bucket policies. Thank you.
Similar to buckets, it is not possible to list only specific folders or objects. To list objects and folders, the action "s3:ListBucket" is required, and the resource section of this is "bucket*", so it cannot be restricted by object or folder.
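The bucket-level restriction described in the answer above, written out as an IAM identity policy. This is an added example, not part of the original thread: `s3:ListAllMyBuckets` is granted on `*` because it cannot be narrowed in the resource section, while `s3:ListBucket` is scoped to a single bucket ARN. The bucket name `example-bucket-placeholder`, the `Sid` values and the `s3:GetObject` statement are assumptions for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ConsoleBucketListNotScopable",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    },
    {
      "Sid": "ListObjectsInOneBucketOnly",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-bucket-placeholder"
    },
    {
      "Sid": "ReadObjectsInOneBucketOnly",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket-placeholder/*"
    }
  ]
}
```

With this policy the console bucket list still shows every bucket name in the account, but opening any bucket other than the one named in the second and third statements returns an access-denied error.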