0 votes
1 view
in AWS by (18.2k points)

I have a user foo with the following privileges (it's not a member of any group):

{
  "Statement": [
    {
      "Sid": "Stmt1308813201865",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bar"
    }
  ]
}

That user, however, seems unable to upload or do much of anything until I grant full access to authenticated users (which might apply to anyone). This still doesn't let the user change permission as boto is throwing an error after upload when it tries to do key.set_acl('public-read').

Ideally, this user would have full access to the bar bucket and nothing else. What am I doing wrong?

1 Answer

0 votes
by (42.4k points)

You need to grant s3:ListBucket permission to the bucket itself. Try the policy below.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "S3:*",
      "Resource": "arn:aws:s3:::bar/*",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::bar",
      "Condition": {}
    }
  ]
}
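The difference between the two policies can be checked offline. The following is an added example, not part of the original question or answer: a simplified model of how IAM matches Allow statements (it ignores explicit Deny, conditions, bucket policies and ACLs). The function names and the object key photo.jpg are assumptions made for illustration.

```python
import re

def _glob(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def is_allowed(policy, action, resource):
    """True if any Allow statement matches both the action and the resource ARN."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; resource ARNs are not.
        if (any(_glob(a, action, True) for a in _as_list(stmt["Action"]))
                and any(_glob(r, resource) for r in _as_list(stmt["Resource"]))):
            return True
    return False

# Policy from the question: only the bucket ARN, so no object ARN matches.
QUESTION_POLICY = {"Statement": [
    {"Action": "s3:*", "Effect": "Allow", "Resource": "arn:aws:s3:::bar"},
]}

# Policy from the answer: object ARNs (bar/*) plus ListBucket on the bucket.
ANSWER_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "S3:*", "Resource": "arn:aws:s3:::bar/*"},
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::bar"},
]}

# Constructed requests: listing is bucket-level; upload and set_acl are object-level.
REQUESTS = [
    ("s3:ListBucket", "arn:aws:s3:::bar"),
    ("s3:PutObject", "arn:aws:s3:::bar/photo.jpg"),      # the upload
    ("s3:PutObjectAcl", "arn:aws:s3:::bar/photo.jpg"),   # key.set_acl('public-read')
    ("s3:PutObject", "arn:aws:s3:::other/photo.jpg"),    # a different bucket
]

def evaluate(policy):
    """Return {(action, resource): allowed} for every constructed request."""
    return {req: is_allowed(policy, *req) for req in REQUESTS}

if __name__ == "__main__":
    for name, pol in (("question", QUESTION_POLICY), ("answer", ANSWER_POLICY)):
        for (action, arn), ok in evaluate(pol).items():
            print(f"{name:8} {'ALLOW' if ok else 'deny ':5} {action:16} {arn}")
```

Under this model the question's policy allows only the bucket-level call, while the answer's policy allows listing, upload and ACL changes on bar and nothing on other buckets.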
