使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

Allowing an IAM user access (Uploading and Deleting) to one of our specific buckets.

0

Hello everyone, I am very new in configuring and setting up permissions to our AWS users. I am trying to give permission to one of our AIM account users to delete and upload objects to one of existed buckets. That would be very nice of you if you can help me and write me the steps to follow. I have already done the following: I have already created a group and added the desired username. I have created a policy and attached it the group. I added some JSON commands too, but I do not know why it does not work.

Please help me assign the rights to the user that he can upload and delete an object. Many thanks in advance.

  • Dylan Zenner
    7 個月前

    Can you paste in the JSON that you have tried? Remove any PII data

主題
安全性、身分識別與合規
標籤
AWS Identity and Access ManagementIAM 政策
語言
English
huma
已提問 7 個月前檢視次數 254 次
2 個答案
1
已接受的答案

Hi Huma, I hope you are doing great. It is not clear for me if the user you are trying to configure will need programmatic access (using the terminal commands) or it needs access through the AWS Management Console.

If your user needs programmatic access, The policy attached to your group should be like the following.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET/*"]
    }
  ]
}

If your user needs access through the AWS Management Console, the policy attached to your group should be like the following.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::NAME-OF-YOUR-BUCKET/*"]
    }
  ]
}

I hope the above helps for your user case.

Have a great week ahead!

profile pictureAWS
專家
Sercast
已回答 7 個月前
profile picture
專家
Giovanni Lauria
已審閱 1 個月前
  • huma
    7 個月前

    Thanks a lot, our user needs access through the AWS Management Console. I will compare my JSON code with yours, but it seems to be the same. I still will review. I hope it works.

  • huma
    7 個月前

    I had the same code, but the only mistake was "*". I did not give it to the end of the source path. Thanks again for your help.

1

Without the specific JSON I won't be able to tell what you've done wrong but if you follow these steps you'll be able to give the user the required permissions to the bucket: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html#iam-policy-ex0:~:text=within%20your%20organization-,Allowing%20an%20IAM%20user%20access%20to%20one%20of%20your%20buckets,-In%20this%20example

Dylan Zenner
已回答 7 個月前
  • huma
    7 個月前

    Thank you so much. I have followed the same link as you sent me, but it is not working.

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容