@dcloud9
Created January 6, 2021 10:59
AWS S3 bucket policy: allow an AWS SSO ReadOnly permission-set role to access the bucket (works for AWS accounts managed by Control Tower as well)

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowListBucket",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<aws-account-id>:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AWSReadOnlyAccess_abcde12345..."
      },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::<s3-bucket-name>"
    },
    {
      "Sid": "AllowReadWrite",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<aws-account-id>:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AWSReadOnlyAccess_abcde12345..."
      },
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::<s3-bucket-name>/*"
    }
  ]
}
```
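Two things worth checking before deploying a policy like this: that each S3 action sits on the resource level it can actually match (`s3:ListBucket` on the bucket ARN, object actions on `.../*`), and that a principal whose permission-set name says ReadOnly is not quietly handed `s3:PutObject`, as the `AllowReadWrite` statement above does. The linter below is an added example, not part of the gist; the account id `111122223333`, bucket `example-bucket` and role suffix `0123456789abcdef` are constructed stand-ins for the placeholders.

```python
import re

# Resource level at which each S3 action can match (bucket ARN vs. object ARN).
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
WRITE_ACTIONS = {"s3:PutObject", "s3:DeleteObject"}
# IAM Identity Center role ARN: .../AWSReservedSSO_<PermissionSet>_<hex>; some
# accounts carry a region path segment before the role name.
SSO_ROLE_RE = re.compile(
    r"^arn:aws:iam::\d{12}:role/aws-reserved/sso\.amazonaws\.com/"
    r"(?:[a-z0-9-]+/)?AWSReservedSSO_(.+?)_[0-9a-f]+$"
)

def _as_list(value):  # IAM accepts a string or a list for Action/Resource/Principal
    return value if isinstance(value, list) else [value]

def lint_bucket_policy(policy: dict) -> list[str]:
    """Return human-readable findings for Allow statements; an empty list is clean."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = set(_as_list(stmt.get("Action", [])))
        principals = _as_list(stmt.get("Principal", {}).get("AWS", []))
        for res in _as_list(stmt.get("Resource", [])):
            obj_level = res.endswith("/*")
            # A bucket-level action on an object ARN (or vice versa) never matches.
            for a in sorted(actions & BUCKET_ACTIONS) if obj_level else []:
                findings.append(f"{sid}: {a} needs the bucket ARN, not {res}")
            for a in sorted(actions & OBJECT_ACTIONS) if not obj_level else []:
                findings.append(f"{sid}: {a} needs {res}/*, not the bucket ARN")
        for p in principals:
            m = SSO_ROLE_RE.match(p)
            # Flag write actions handed to a permission set whose name says read-only.
            if m and "readonly" in m.group(1).lower() and actions & WRITE_ACTIONS:
                findings.append(f"{sid}: read-only permission set {m.group(1)} "
                                f"granted {sorted(actions & WRITE_ACTIONS)}")
    return findings

# The gist's policy with constructed account id, role suffix and bucket name.
SSO_READONLY = ("arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/"
                "AWSReservedSSO_AWSReadOnlyAccess_0123456789abcdef")
GIST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowListBucket", "Effect": "Allow", "Principal": {"AWS": SSO_READONLY},
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "AllowReadWrite", "Effect": "Allow", "Principal": {"AWS": SSO_READONLY},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]}
```

Running `lint_bucket_policy(GIST_POLICY)` reports only the read-only permission set receiving `s3:PutObject`; the resource levels in both statements are correct.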