Instantly share code, notes, and snippets.

Embed
What would you like to do?
IAM policy to grant a user narrow access to one S3 bucket
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::bucket-name"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucket-name/*"
]
}
]
}
@rbrisita

This comment has been minimized.

rbrisita commented Jul 16, 2018

As of 2018-07-16, the policy summary will complain about having "s3:ListAllMyBuckets" when the resource does not have an '*'. I deleted it from the JSON policy to satisfy the summary.

@morariu

This comment has been minimized.

morariu commented Oct 5, 2018

I was trying this policy but getting a "Missing required field Principal" error.

@sr9yar

This comment has been minimized.

sr9yar commented Oct 10, 2018

I was trying this policy but getting a "Missing required field Principal" error.

Check this out: https://gist.github.com/sr9yar/a05e278a6dddbaa66da004bbe021b2b4
Worked for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment