ilyesAj/s3-policy-appender.sh

## s3-policy-appender.sh
#!/bin/bash
# this script will allow you to append policy within a bucket
# you need to install jq awscli to use this script
[ $# != 1 ] && { echo "Usage: $0 \"bucket_name\""; exit 1; }

bucket="$1"

json_to_add="{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::ACCOUNT-B:user/s3-cross-account\"},\"Action\":[\"s3:ListBucket\",\"s3:GetObject\"],\"Resource\":[\"arn:aws:s3:::${bucket}\",\"arn:aws:s3:::${bucket}/*\"]}"
# get bucket policy
aws s3api get-bucket-policy --bucket ${bucket} --query Policy --output text > policy-${bucket}.json

# append on json file
jq '.Statement[1] |= . + '"${json_to_add}"'' policy-${bucket}.json > policytopush-${bucket}.json
#jq '.Statement[.Statement| length] |= . + '"$json_to_add"'' policy.json

aws s3api put-bucket-policy --bucket ${bucket} --policy file://policytopush-${bucket}.json
	#!/bin/bash
	# this script will allow you to append policy within a bucket
	# you need to install jq awscli to use this script
	[ $# != 1 ] && { echo "Usage: $0 \"bucket_name\""; exit 1; }

	bucket="$1"

	json_to_add="{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::ACCOUNT-B:user/s3-cross-account\"},\"Action\":[\"s3:ListBucket\",\"s3:GetObject\"],\"Resource\":[\"arn:aws:s3:::${bucket}\",\"arn:aws:s3:::${bucket}/*\"]}"
	# get bucket policy
	aws s3api get-bucket-policy --bucket ${bucket} --query Policy --output text > policy-${bucket}.json

	# append on json file
	jq '.Statement[1] \|= . + '"${json_to_add}"'' policy-${bucket}.json > policytopush-${bucket}.json
	#jq '.Statement[.Statement\| length] \|= . + '"$json_to_add"'' policy.json

	aws s3api put-bucket-policy --bucket ${bucket} --policy file://policytopush-${bucket}.json