- create a bucket, leave everything to default, say bucket name is `$BUCKET`
- say target user has AWS account id `$USER`
- select bucket, click on `Permissions` then `Bucket Policy`
- write
```json
{
    "Version": "2012-10-17",
    "Id": "Policy$SOMEDESCR",
    "Statement": [
        {
            "Sid": "$SOMEID",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::$USER:root"
            },
            "Action": [
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::$BUCKET",
                "arn:aws:s3:::$BUCKET/*"
            ]
        }
    ]
}
```
replacing the `$...` as appropriate (`Id` and `Sid` don't matter).
Check that user can do

```
aws s3 ls s3://$BUCKET
aws s3 cp foo.file s3://$BUCKET
```
- Pick relevant actions; see the docs for the list of actions.
- To add a user, just add
```
aws s3 cp s3://$BUCKET/$KEY s3://$BUCKET/$KEY2 --acl bucket-owner-full-control --recursive
```
(`$KEY2` cannot be the same key as `$KEY`)
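
An added review helper, not part of the original notes: it audits the bucket policy above offline and splits its single statement so each action is paired with the resource it applies to. The bucket name and account ids are constructed values, and `audit`, `split` and the finding labels are hypothetical names.

```python
import json
# Constructed sample: the page's policy with assumed values substituted for $USER and $BUCKET.
BUCKET, OWNER, GUEST = "example-shared-bucket", "111111111111", "222222222222"
POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Sid": "CrossAccount", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::%s:root"},
  "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
  "Resource": ["arn:aws:s3:::%s", "arn:aws:s3:::%s/*"]}]}""" % (GUEST, BUCKET, BUCKET))

BUCKET_LEVEL = {"s3:ListBucket"}  # evaluated against the bucket ARN; Get/PutObject against objects
def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy, owner_account):
    """Return review findings for every Allow statement in a bucket policy."""
    findings = []
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        actions = set(as_list(st["Action"]))
        for arn in arns:
            account = arn.split(":")[4] if arn.startswith("arn:") else arn
            if arn == "*":
                findings.append("public: Principal is *")
            elif account != owner_account and (arn.endswith(":root") or account == arn):
                # An account principal lets that account's admins delegate to any of its identities.
                findings.append("account-wide: %s covers the whole account" % arn)
        if actions & BUCKET_LEVEL and actions - BUCKET_LEVEL:
            findings.append("mixed: bucket- and object-level actions share one statement")
        # Matters while ACLs are enabled: uploads stay owned by the uploading account.
        if "s3:PutObject" in actions and "bucket-owner-full-control" not in json.dumps(st.get("Condition", {})):
            findings.append("ownership: PutObject not conditioned on bucket-owner-full-control")
    return findings

def split(st, bucket):
    """Rewrite one statement as two, pairing each action with the resource it applies to."""
    acts = as_list(st["Action"])
    base = {k: v for k, v in st.items() if k not in ("Sid", "Action", "Resource")}
    return [
        dict(base, Sid=st["Sid"] + "Bucket", Resource="arn:aws:s3:::" + bucket,
             Action=[a for a in acts if a in BUCKET_LEVEL]),
        dict(base, Sid=st["Sid"] + "Objects", Resource="arn:aws:s3:::%s/*" % bucket,
             Action=[a for a in acts if a not in BUCKET_LEVEL]),
    ]

if __name__ == "__main__":
    print("\n".join(audit(POLICY, OWNER)), json.dumps(split(POLICY["Statement"][0], BUCKET), indent=2), sep="\n")
```

The `ownership` finding is the situation the `--acl bucket-owner-full-control` copy above repairs after the fact; a `Condition` on `s3:x-amz-acl` in the object statement enforces it at upload time instead.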