S3: How to restrict IAM access to one Bucket

0

How can i restrict IAM access to a user to a single bucket.

已提问 2 年前338 查看次数
2 回答
0

The following AWS official document contains a sample policy, which we hope will be helpful. [1]

[1] User policy examples - Amazon Simple Storage Service
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html#iam-policy-ex0
----- excerpt -----

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action": "s3:ListAllMyBuckets",
         "Resource":"*"
      },
      {
         "Effect":"Allow",
         "Action":["s3:ListBucket","s3:GetBucketLocation"],
         "Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET1"
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:PutObject",
            "s3:PutObjectAcl",
            "s3:GetObject",
            "s3:GetObjectAcl",
            "s3:DeleteObject"
         ],
         "Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET1/*"
      }
   ]
}

----- excerpt -----

profile picture
mn87
已回答 2 年前
0

If the IAM User already exists, you can make changes to the user from the IAM Management Console. You will want to check to see what access is already set for the User and remove any access that may allow them more access than you would like. The Access Advisor tab is helpful here.

Providing access to the target bucket can then be done in several ways. A direct option would be to use the "Add Inline Policy" link from the Permissions tab. From there you can use the policy example linked by @mn87 in the other answer as a template to get what you need. As you make tweaks to the policy, use the Access Advisor to ensure that their access is limited to what you want.

profile picture
已回答 2 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则