Search
Search

IAM Policy: Users cannot access S3 bucket

Herena Published at Dev
23
Herena

I have created an user and assigned the below inline Policy. On same time I created one bucket in s3.

"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucketname"

When I apply this policy to the particular user and try accessing S3,the specific bucket listed in resources its not showing up? My concern is I have given Action to all s3 and then y didn't my bucket is showing up in S3?

Through visual editor I tried creating policy for same things and the policy look like below

 {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListStorageLensConfigurations",
                "s3:ListAccessPointsForObjectLambda",
                "s3:GetAccessPoint",
                "s3:PutAccountPublicAccessBlock",
                "s3:GetAccountPublicAccessBlock",
                "s3:ListAllMyBuckets",
                "s3:ListAccessPoints",
                "s3:ListJobs",
                "s3:PutStorageLensConfiguration",
                "s3:ListMultiRegionAccessPoints",
                "s3:CreateJob"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucketname"
        }
    ]
}

Why did separate action is created for listing and its allowed for every resources?

John Rotenstein

Some actions are performed at the bucket-level (eg Listing a bucket), while some are performed at the object-level (eg downloading objects).

You can grant both permissions simultaneously with:

Here is an example from User policy examples - Amazon Simple Storage Service:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action": "s3:ListAllMyBuckets",
         "Resource":"*"
      },
      {
         "Effect":"Allow",
         "Action":["s3:ListBucket","s3:GetBucketLocation"],
         "Resource":"arn:aws:s3:::bucketname"
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:PutObject",
            "s3:PutObjectAcl",
            "s3:GetObject",
            "s3:GetObjectAcl",
            "s3:DeleteObject"
         ],
         "Resource":"arn:aws:s3:::bucketname/*"
      }
   ]
}

You can combine it all into a single policy too:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect": "Allow",
         "Action": "*",
         "Resource": ["arn:aws:s3:::bucketname", "arn:aws:s3:::bucketname/*"]
      }
   ]
}

However, please note that this "Allow All" policy is also granting permission for the user to delete objects and buckets, so you should be very careful when granting such permission to users.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

Access is denied even if IAM user is specified in S3 bucket policy

How to grant access only to the Root Account User for an S3 bucket with IAM Policy AWS?

AWS IAM Policies: How do I alter the AWSLambdaFullAccess policy to only allow access to one S3 bucket?

S3 bucket access restriction with bucket policy

AWS S3: Setting a bucket policy for multiple users in an account

How to set up S3 Policies for multiple IAM users such that each individual only has access to their personal bucket folder?

IAM Policy for S3 folder access based on Cognito ID

IAM Policy for S3 folder access for group of Cognito IDs

Cannot 'getObject' from S3 bucket - policy not working

Cannot set bucket policy of amazon s3

AWS S3 Bucket policy editor access denied

S3 bucket policy for the access from inside of ECS container

S3 bucket policy vs access control list

AWS - S3 - Creating a Bucket Policy - Error: Access Denied

AWS S3 Bucket policy Access Denyed

s3 bucket policy to access object url

Access denied when put bucket policy on aws s3 bucket with root user (= bucket owner)

AWS IAM Policy: Restrict Bucket/Folder Access By User/Role?

IAM user policy returning 403 Forbidden on Amazon S3 bucket

Unable to use aws:username to get the current IAM uername in AWS S3 bucket policy

AWS IAM Policy Issues writing to s3 bucket for Grafana alerts

S3 bucket policy, how to ALLOW a IAM group from another account?

Does S3 provide any bucket policy to share the objects to IAM user for a limited time?

Restrict access to a S3 bucket to admin users

Access Denied when creating S3 Bucket ACL & S3 Policy using Terraform

S3 Bucket Policy to allow S3 Access to Current Authenicated user in AWS Console?

AWS: Could not able to give s3 access via s3 bucket policy

IAM user can only access S3 bucket when bucket is set to public

How to properly setup an IAM execution role and a bucket policy for getting lambda writing to a public read S3 bucket?

TOP Ranking

  1. 1

    Failed to listen on localhost:8000 (reason: Cannot assign requested address)

  2. 2

    Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

  3. 3

    pump.io port in URL

  4. 4

    grouping by column variables and appending a new variable based on condition

  5. 5

    Vector input in shiny R and then use it

  6. 6

    Can a 32-bit antivirus program protect you from 64-bit threats

  7. 7

    Python Read Directory And Output to CSV

  8. 8

    Remove adjacent duplicates in linked list in C

  9. 9

    Angular 8. Unknown amount of http.get requests in array to call, must be sequential, what to use

  10. 10

    Json Schema - Conditional Evaluation with RegEx

  11. 11

    Getting 502 Bad Gateway Error While Deploying WordPress On Dockerized Lemp?

  12. 12

    JMeter: Why get error when try to save test plan

  13. 13

    Group boxplot data while keeping their individual X axis labels in ggplot2 in R

  14. 14

    How to how increase/decrease compared to adjacent cell

  15. 15

    How to keep curl session alive between two php processes?

  16. 16

    In Pandas UnicodeDecodeError Cannot decode Unicode Ascii in JSON file using pandas.read_json()

  17. 17

    MTKView Displaying Wide Gamut P3 Colorspace

  18. 18

    BigQuery - concatenate ignoring NULL

  19. 19

    Error in v-on handler (Promise/async): "TypeError: Cannot read property 'data' of undefined" // undefined

  20. 20

    An unhandled exception occurred: Collection "@angular/material" cannot be resolved

  21. 21

    How to call angular controller scope function from directive with parameters?

HotTag

Archive