cyberduck access to bucket

Question

when i try to add this permission to allow cyberduck to list the files from a bucket. cyberduck list all the buckets in my account, but only have access to the bucket i entered the key for. what i would like it to do is only list the bucket that i entered the key to and only have access to that bucket . this is the JSON script

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1480515305000",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    },
    {
      "Sid": "Stmt1480515305002",
      "Effect": "Allow",
      "Action": [
        "s3:List*",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::allowed-bucket",
        "arn:aws:s3:::allowed-bucket/*"
      ]
    }
  ]
}
```

thank you

Answer

Hi, in reviewing the JSON policy document that you provided, what you are seeing is expected.

The first Sid (Stmt1480515305000) allows the IAM user/role to list all of your buckets in the account and get their locations (e.g., AWS region). If you add the specific resource block that you use for the second Sid (Stmt1480515305002), you will restrict the bucket list to the one bucket that you want cyberduck to access. I've included my example below.

```
{
      "Sid": "Stmt1480515305000",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::allowed-bucket"
      ]
    }
```

Answer

Hello . thank you for your answer . i wasn't able to apply what you said . lets suppose the bucket i want to list is called bucket1 . how would the code look for that bucket . thank you

cyberduck access to bucket

相關內容