Questions tagged with IAM Policies


IAM Policy Grammar - Clarification

Had a question around the policy grammar of IAM. In https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html#policies-grammar-notes, towards the end of the grammar it says,

```
<condition_block> = "Condition" : { <condition_map> }
<condition_map> = {
  <condition_type_string> : { <condition_key_string> : <condition_value_list> },
  <condition_type_string> : { <condition_key_string> : <condition_value_list> }, ...
}
<condition_value_list> = [<condition_value>, <condition_value>, ...]
<condition_value> = ("string" | "number" | "Boolean")
```

However, in this page https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_multi-value-conditions.html, I see the following example,

```
"Condition": {
  "StringEqualsIgnoreCase": {
    "aws:PrincipalTag/department": [ "finance", "hr", "legal" ],
    "aws:PrincipalTag/role": [ "audit", "security" ]
  },
  "StringEquals": {
    "aws:PrincipalAccount": "123456789012"
  }
}
```

So, shouldn't the grammar be the following?

```
<condition_block> = "Condition" : { <condition_map> }
<condition_map> = {
  <condition_type_string> : {
    <condition_key_string> : <condition_value_list>,
    <condition_key_string> : <condition_value_list>, ...
  },
  <condition_type_string> : {
    <condition_key_string> : <condition_value_list>,
    <condition_key_string> : <condition_value_list>, ...
  }, ...
}
<condition_value_list> = [<condition_value>, <condition_value>, ...]
```

Did I not understand correctly? If I did, which one is correct, the example or the grammar?
1 answer, 0 votes, 37 views, asked 22 days ago

Make bucket public; that is, all authenticated users can get and put to the bucket

Make bucket public; that is, all authenticated users can get and put to the bucket. This is what I currently have

```ts
const public_s3 = new Bucket(stack, "public-uploads", {
  cdk: {
    bucket: {
      publicReadAccess: true,
      blockPublicAccess: {
        blockPublicAcls: false, // I have tried a lot of different combinations of these 4
        blockPublicPolicy: false,
        ignorePublicAcls: false,
        restrictPublicBuckets: false,
      }
    }
  },
  cors: [
    {
      maxAge: "1 day",
      allowedOrigins: ["*"],
      allowedHeaders: ["*"],
      allowedMethods: ["GET", "PUT", "POST", "DELETE", "HEAD"],
    },
  ],
});
```

Resulting bucket policy:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::admin-my-sst-app-storage-publicuploadsbucket3fc1c-12epux2l6t7vn/*"
    }
  ]
}
```

Screenshot of the 'permissions' tab for my bucket: https://i.gyazo.com/8ca9412a090700b4f286ee42526303a1.png

----------------

And it is not working, as you can see in the screenshot below. In the screenshot, I am running this code:

```ts
const stored = await Storage.vault.put(filename, file, {
  bucket: process.env.REACT_APP_PUBLIC_BUCKET,
  contentType: file.type,
});
```

https://i.gyazo.com/63e84db53ae5b2bc286817d07bf1e470.png

Get requests also fail because of 403 Forbidden: https://gyazo.com/f56644b1770875087ce9ae267ced68df.png

-------------

Looking at the S3 dashboard, it seems like my bucket has successfully been set to public. However, I don't understand why I get forbidden when I do a `storage.vault.put/get` to the bucket then.
1 answer, 0 votes, 39 views, asked 24 days ago