Hello,
I would like to let a group of users see only a subset of my account's buckets, so they do not try to use buckets they have no access to.
I looked all over and found no solution; many people experience the same, but no definitive working setup is available.
The users are using SSO with temporary credentials, so they are not available at the account.
The ListBuckets API[1] requires the s3:ListAllMyBuckets permission, which does not accept a resource.
Managing a bucket ACL for each owner seems like a huge overhead to manage, and I could not find how to integrate this into the roles.
Is there any option to apply a filter on the output of ListBucket, preferably a filter based on rule permissions?
I thought that the permission to perform s3:GetBucketLocation would be queried for each bucket, so that ListBuckets would return only those buckets that the role has permission to locate; this may be a clean solution.
I would appreciate any hint on how to return to my user roles only a pre-defined list of buckets.
Regards,
Alon
[1] https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html
Thank you @carlo-mencarelli. However, unless I misunderstand, the s3:ListBucket permission does not filter the list of buckets the user sees. Do you have a working configuration in which you have a, b, c buckets in accounts but aws s3 ls shows only c using s3:ListBucket?
Regards, Alon
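
The gap discussed in this thread, as an added example that is not part of the original posts and is not AWS code: a deliberately simplified model of identity-policy evaluation, showing that ListBuckets is authorized once at account level while s3:ListBucket is checked per bucket. The sample policy, the function names and the way the ListBuckets request is represented are assumptions of this example.

```python
from fnmatch import fnmatchcase

# Constructed sample: the thread's buckets a, b, c and a role policy that
# can list every bucket name but may only work with bucket c.
ACCOUNT_BUCKETS = ["a", "b", "c"]
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": "arn:aws:s3:::c"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified identity-policy check: explicit Deny wins, otherwise any
    matching Allow grants. Conditions, NotAction, SCPs are not modelled."""
    granted = False
    for stmt in _as_list(policy["Statement"]):
        actions = [a.lower() for a in _as_list(stmt["Action"])]
        if not any(fnmatchcase(action.lower(), a) for a in actions):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        granted = True
    return granted

def list_buckets(policy, buckets):
    """Model of ListBuckets: one account-level check, then all names."""
    # Assumption of this model: the request names no bucket, so it is
    # represented by the wildcard ARN rather than by any single bucket.
    if not is_allowed(policy, "s3:ListAllMyBuckets", "arn:aws:s3:::*"):
        raise PermissionError("AccessDenied")
    return list(buckets)

def usable_buckets(policy, buckets):
    """Buckets whose contents the role may list (s3:ListBucket)."""
    return [b for b in buckets
            if is_allowed(policy, "s3:ListBucket", f"arn:aws:s3:::{b}")]

def visible_but_unusable(policy, buckets):
    """Names the role sees in the listing but cannot open."""
    usable = set(usable_buckets(policy, buckets))
    return [b for b in list_buckets(policy, buckets) if b not in usable]
```

With the sample policy the listing still contains a, b and c, while only c is usable; `visible_but_unusable` returns the names a role would see but get AccessDenied on.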