By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Allowing an IAM user access (Uploading and Deleting) to one of our specific buckets.

0

Hello everyone, I am very new in configuring and setting up permissions to our AWS users. I am trying to give permission to one of our AIM account users to delete and upload objects to one of existed buckets. That would be very nice of you if you can help me and write me the steps to follow. I have already done the following: I have already created a group and added the desired username. I have created a policy and attached it the group. I added some JSON commands too, but I do not know why it does not work.

Please help me assign the rights to the user that he can upload and delete an object. Many thanks in advance.

  • Dylan Zenner
    7 months ago

    Can you paste in the JSON that you have tried? Remove any PII data

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access ManagementIAM Policies
Language
English
huma
asked 7 months ago237 views
2 Answers
1
Accepted Answer

Hi Huma, I hope you are doing great. It is not clear for me if the user you are trying to configure will need programmatic access (using the terminal commands) or it needs access through the AWS Management Console.

If your user needs programmatic access, The policy attached to your group should be like the following.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET/*"]
    }
  ]
}

If your user needs access through the AWS Management Console, the policy attached to your group should be like the following.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET/*"]
    }
  ]
}

I hope the above helps for your user case.

Have a great week ahead!

profile pictureAWS
EXPERT
Sercast
answered 7 months ago
profile picture
EXPERT
Giovanni Lauria
reviewed a month ago
  • huma
    7 months ago

    Thanks a lot, our user needs access through the AWS Management Console. I will compare my JSON code with yours, but it seems to be the same. I still will review. I hope it works.

  • huma
    7 months ago

    I had the same code, but the only mistake was "*". I did not give it to the end of the source path. Thanks again for your help.

1

Without the specific JSON I won't be able to tell what you've done wrong but if you follow these steps you'll be able to give the user the required permissions to the bucket: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html#iam-policy-ex0:~:text=within%20your%20organization-,Allowing%20an%20IAM%20user%20access%20to%20one%20of%20your%20buckets,-In%20this%20example

Dylan Zenner
answered 7 months ago
  • huma
    7 months ago

    Thank you so much. I have followed the same link as you sent me, but it is not working.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content