2 Answers
- Newest
- Most votes
- Most comments
1
Hi, in reviewing the JSON policy document that you provided, what you are seeing is expected.
The first Sid (Stmt1480515305000) allows the IAM user/role to list all of your buckets in the account and get their locations (e.g., AWS region). If you add the specific resource block that you use for the second Sid (Stmt1480515305002), you will restrict the bucket list to the one bucket that you want cyberduck to access. I've included my example below.
{
"Sid": "Stmt1480515305000",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::allowed-bucket"
]
}
answered 2 years ago
0
Hello . thank you for your answer . i wasn't able to apply what you said . lets suppose the bucket i want to list is called bucket1 . how would the code look for that bucket . thank you
answered 2 years ago
Relevant content
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 8 months ago