Amazon AWS IAM Group Policy for a Single S3 Bucket
It is surprisingly difficult to give a group (or a user) access to only one bucket, or to a select few buckets. Here is the policy allowing a group to access a bucket called MY-BUCKET. Two resource entries are needed because IAM treats the bucket itself (arn:aws:s3:::MY-BUCKET, for bucket-level calls such as s3:ListBucket) and the objects inside it (arn:aws:s3:::MY-BUCKET/*, for object-level calls such as s3:GetObject and s3:PutObject) as separate resources. Be aware that s3:* on the bucket ARN also grants bucket administration (s3:DeleteBucket, s3:PutBucketPolicy, s3:PutBucketAcl); if the group only needs to read and write objects, narrow the Action lists accordingly.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::MY-BUCKET"
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::MY-BUCKET/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*"
    }
  ]
}
Notice that there is no way to list only this bucket in the S3 console: s3:ListAllMyBuckets cannot be scoped to particular buckets, so it must be granted on "*" and every bucket under the account WILL be listed. If any other bucket is clicked, a message will notify the user that they do not have permission to access or modify it.
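To see exactly which requests the policy above permits (and why both ARN forms and the "*" resource are needed), here is a small IAM-style evaluator. This is an added example, not code from the original post or from AWS: it models only Effect, Action and Resource with IAM's "*" and "?" wildcards and explicit-deny precedence, ignores NotAction, NotResource and Condition, and the tighter LEAST_PRIVILEGE_POLICY and the list of sample requests are constructed for illustration.

```python
import re

# The page's policy, with the "Version" field included.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::MY-BUCKET"},
        {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::MY-BUCKET/*"},
        {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets"], "Resource": "*"},
    ],
}

# A tighter variant (an assumption of this example, not from the page): listing
# plus object read/write/delete, without bucket-level actions such as s3:DeleteBucket.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::MY-BUCKET"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::MY-BUCKET/*"},
        {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern, value, case_insensitive=False):
    """IAM-style matching: '*' is any run of characters, '?' is exactly one.
    Action names are case-insensitive in IAM; ARNs are case-sensitive."""
    if case_insensitive:
        pattern, value = pattern.lower(), value.lower()
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def evaluate(policy, action, resource):
    """Return 'Allow', 'Deny' or 'ImplicitDeny' for one action/resource pair.
    Only Effect/Action/Resource are modelled; NotAction, NotResource and
    Condition are not, so policies using those need the real IAM policy simulator."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_wildcard_match(a, action, case_insensitive=True)
                   for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(_wildcard_match(r, resource)
                   for r in _as_list(stmt.get("Resource", []))):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny overrides every allow
        allowed = True
    return "Allow" if allowed else "ImplicitDeny"


# Constructed requests a console or CLI session would make: (action, resource).
REQUESTS = [
    ("s3:ListAllMyBuckets", "*"),                               # not resource-scoped
    ("s3:ListBucket", "arn:aws:s3:::MY-BUCKET"),                # bucket ARN
    ("s3:GetObject", "arn:aws:s3:::MY-BUCKET/reports/q1.csv"),  # object ARN
    ("s3:ListBucket", "arn:aws:s3:::OTHER-BUCKET"),             # a different bucket
    ("s3:GetObject", "arn:aws:s3:::MY-BUCKET-2/notes.txt"),     # name prefix, not a match
    ("s3:DeleteBucket", "arn:aws:s3:::MY-BUCKET"),              # covered by s3:*
    ("s3:PutBucketPolicy", "arn:aws:s3:::MY-BUCKET"),           # also covered by s3:*
]


def decisions(policy):
    """Map each constructed request ("action resource") to the policy's decision."""
    return {f"{action} {resource}": evaluate(policy, action, resource)
            for action, resource in REQUESTS}


if __name__ == "__main__":
    for name, policy in (("page policy", BUCKET_POLICY),
                         ("least privilege", LEAST_PRIVILEGE_POLICY)):
        print(f"== {name}")
        for request, result in decisions(policy).items():
            print(f"{result:13} {request}")
```

Running it shows the page's policy allowing everything on MY-BUCKET and its objects (including s3:DeleteBucket and s3:PutBucketPolicy), allowing s3:ListAllMyBuckets only because the third statement uses "*", and implicitly denying OTHER-BUCKET and the prefix look-alike MY-BUCKET-2; the least-privilege variant keeps the object operations and listing while the bucket-administration calls fall through to an implicit deny.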