@tlienart
Last active September 11, 2020 17:49
Share a bucket with another AWS user granting RW access.
  • Create a bucket and leave everything at its default; say the bucket name is $BUCKET.
  • Say the target user has AWS account ID $USER.
  • Select the bucket, click on Permissions, then Bucket Policy.
  • Enter the following policy:
{
    "Version": "2012-10-17",
    "Id": "Policy$SOMEDESCR",
    "Statement": [
        {
            "Sid": "$SOMEID",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::$USER:root"
            },
            "Action": [
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::$BUCKET",
                "arn:aws:s3:::$BUCKET/*"
            ]
        }
    ]
}

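replacing the $... as appropriate (Id and Sid don't matter). The principal arn:aws:iam::$USER:root refers to the AWS account $USER as a whole, not to a single IAM user in it.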

Check that the user can run:

aws s3 ls s3://$BUCKET
aws s3 cp foo.file s3://$BUCKET

Notes

  • Pick the relevant actions; see the docs for the list of actions.
  • To add a user, just add

Reset ACL

aws s3 cp s3://$BUCKET/$KEY s3://$BUCKET/$KEY2 --acl bucket-owner-full-control --recursive

The destination key ($KEY2) cannot be the same as the source key ($KEY).
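
As an added example (not part of the original gist), the Python sketch below builds the bucket policy shown above with each action scoped to the resource type it applies to, and optionally makes the s3:PutObject grant conditional on the bucket-owner-full-control ACL used under Reset ACL, so that new uploads already give the bucket owner full control. The function name, its parameters and the sample bucket and account values are assumptions made for illustration.

```python
import json
import re

# Assumed names: build_share_policy and its parameters are illustrative only.
ACCOUNT_RE = re.compile(r"\d{12}")  # AWS account IDs are 12 digits
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")  # basic bucket-name shape


def build_share_policy(bucket, account_id, require_owner_acl=True):
    """Return a bucket policy (dict) granting one AWS account list/read/write."""
    if not ACCOUNT_RE.fullmatch(account_id):
        raise ValueError("account id must be exactly 12 digits")
    if not BUCKET_RE.fullmatch(bucket) or ".." in bucket:
        raise ValueError("invalid bucket name")
    principal = {"AWS": f"arn:aws:iam::{account_id}:root"}
    bucket_arn = f"arn:aws:s3:::{bucket}"
    put = {
        "Sid": "Write",
        "Effect": "Allow",
        "Principal": principal,
        "Action": "s3:PutObject",
        "Resource": f"{bucket_arn}/*",
    }
    if require_owner_acl:
        # Only uploads sent with --acl bucket-owner-full-control match this Allow,
        # so the bucket owner gets full control of every new object.
        put["Condition"] = {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}
    return {
        "Version": "2012-10-17",
        "Statement": [
            # ListBucket is a bucket-level action: scope it to the bucket ARN only.
            {"Sid": "List", "Effect": "Allow", "Principal": principal,
             "Action": "s3:ListBucket", "Resource": bucket_arn},
            # GetObject is an object-level action: scope it to the keys.
            {"Sid": "Read", "Effect": "Allow", "Principal": principal,
             "Action": "s3:GetObject", "Resource": f"{bucket_arn}/*"},
            put,
        ],
    }


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    print(json.dumps(build_share_policy("example-shared-bucket", "111122223333"), indent=4))
```

With require_owner_acl left on, the other account has to upload with --acl bucket-owner-full-control; an upload without it matches no Allow statement and is denied.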
