AWS being one of the most frustrating and difficult to use systems out there has to make everything difficult. This is something that has caused so much headache for me over the years, I'm starting to document it.
This README.md got me started, though didn't quite fit everything I needed.
Here's how you create Policies for a bucket
Assuming the following:
- You created a bucket named
fooand that bucket has blocked all public access. - You created a user named
barthat was given API access (using keys and secrets).
You do the following:
- Add the following AS AN INLINE POLICY to the user -- this will not work when created as a policy on its own.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:PutObject",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::foo/*"
]
}
]
}- Add the following to the Bucket's policy
{
"Version": "2012-10-17",
"Id": "Policy1595548652552",
"Statement": [
{
"Sid": "Stmt1595548649744",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::37122391:user/bar"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::bar"
}
]
}