0 votes
1 view
in AWS by (18.1k points)

I want to create an AWS access key that only allows s3. That means the key can't be used with any other service. Is it possible? How?

1 Answer

0 votes
by (42.2k points)

Yeah, you can use AWS IAM.

For security purposes, you should not give anyone your root credentials, instead, make them an IAM User with specified roles and policies,

You can directly create users and policies from the IAM console:

 {

  "Version": "2012-10-17",

  "Statement": [

    {

      "Effect": "Allow",

      "Action": ["s3:ListAllMyBuckets"],

      "Resource": "arn:aws:s3:::*"

    },

    {

      "Effect": "Allow",

      "Action": [

        "s3:ListBucket",

        "s3:GetBucketLocation"

      ],

      "Resource": "arn:aws:s3:::bucket-name"

    },

    {

      "Effect": "Allow",

      "Action": [

        "s3:PutObject",

        "s3:GetObject",

        "s3:DeleteObject"

      ],

      "Resource": "arn:aws:s3:::bucket-name/*"

    }

  ]

}

...