@ashb
Created May 16, 2017 13:10

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowListingOfOwnState",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::my-terraform-state",
      "Condition": {
        "StringLike": {
          "aws:userid": "<redacted>:*",
          "s3:prefix": "accounts/111111111-*/*"
        }
      }
    },
    {
      "Sid": "AllowRWOfOwnState",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::my-terraform-state/accounts/111111111-*/*",
      "Condition": {
        "StringLike": {
          "aws:userid": "<redacted>:*"
        }
      }
    }
  ]
}

$ aws s3 ls s3://my-terraform-state/accounts/999999999-org-owner/
An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied
$ aws s3 ls s3://my-terraform-state/accounts/111111111-foo/
2017-05-16 13:57:51 0
2017-05-16 13:58:22 29 test
$ aws s3 ls s3://my-terraform-state/accounts/ --recursive
An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied
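
Why the three listings above come out as they do, as an added example that is not part of the original gist: a simplified Python model of how the two Allow statements are matched against a request. It assumes no other policy applies, models only StringLike conditions, and uses the constructed value "AROAEXAMPLE" in place of the redacted aws:userid prefix.

```python
import re

# The two statements from the bucket policy above, reduced to the fields this model uses.
# "AROAEXAMPLE" is a constructed stand-in for the redacted aws:userid prefix (assumption).
POLICY = [
    {"Sid": "AllowListingOfOwnState", "Action": ["s3:ListBucket"],
     "Resource": "arn:aws:s3:::my-terraform-state",
     "StringLike": {"aws:userid": "AROAEXAMPLE:*",
                    "s3:prefix": "accounts/111111111-*/*"}},
    {"Sid": "AllowRWOfOwnState", "Action": ["s3:PutObject", "s3:GetObject"],
     "Resource": "arn:aws:s3:::my-terraform-state/accounts/111111111-*/*",
     "StringLike": {"aws:userid": "AROAEXAMPLE:*"}},
]

def like(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters (including '/'), '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

def evaluate(action, resource, context):
    """Return the Sid of the first Allow statement that matches, else None (implicit deny)."""
    for st in POLICY:
        if action not in st["Action"] or not like(st["Resource"], resource):
            continue
        # Every key under one condition operator must match, and a key that is
        # absent from the request context makes the condition fail.
        if all(k in context and like(p, context[k]) for k, p in st["StringLike"].items()):
            return st["Sid"]
    return None

def list_prefix(prefix, userid="AROAEXAMPLE:session"):
    """Model the ListBucket request sent by `aws s3 ls s3://my-terraform-state/<prefix>`."""
    return evaluate("s3:ListBucket", "arn:aws:s3:::my-terraform-state",
                    {"aws:userid": userid, "s3:prefix": prefix})

if __name__ == "__main__":
    # The three prefixes from the terminal session above.
    for p in ("accounts/999999999-org-owner/", "accounts/111111111-foo/", "accounts/"):
        print(p, "->", list_prefix(p) or "AccessDenied")
```

The bare `accounts/` prefix is denied because the s3:prefix pattern requires the `111111111-` segment, so a caller can list only inside its own account directory and cannot enumerate sibling directories.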