0 votes
2 views
in AWS by (19.1k points)

I have a user foo with the following privileges (it's not a member of any group):

{
  "Statement": [
    {
      "Sid": "Stmt1308813201865",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bar"
    }
  ]
}

That user, however, seems unable to upload or do much of anything until I grant full access to authenticated users (which might apply to anyone). This still doesn't let the user change permission as boto is throwing an error after upload when it tries to do key.set_acl('public-read').

Ideally, this user would have full access to the bar bucket and nothing else. What am I doing wrong?

1 Answer

0 votes
by (44.4k points)

You need to grant s3:ListBucket permission to the bucket itself. Try the policy below.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "S3:*",
      "Resource": "arn:aws:s3:::bar/*",
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::bar",
      "Condition": {}
    }
  ]
}
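The difference between the two policies comes down to which ARN each statement matches: object operations such as upload and set_acl are checked against `arn:aws:s3:::bar/<key>`, while listing is checked against the bucket ARN itself. The following is an added example, not part of the original answer: a simplified matcher (Allow statements only; it ignores Deny, NotAction/NotResource and non-empty Condition blocks) run over both policies. The object key `photo.jpg` and the bucket `other-bucket` are constructed sample values.

```python
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::bar"
KEY = "arn:aws:s3:::bar/photo.jpg"             # constructed object key
OTHER = "arn:aws:s3:::other-bucket/photo.jpg"  # constructed second bucket

# The two policies from this page, as Python dicts.
QUESTION_POLICY = {"Statement": [
    {"Sid": "Stmt1308813201865", "Action": "s3:*", "Effect": "Allow",
     "Resource": "arn:aws:s3:::bar"},
]}
ANSWER_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "S3:*",
     "Resource": "arn:aws:s3:::bar/*", "Condition": {}},
    {"Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": "arn:aws:s3:::bar", "Condition": {}},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def s3_allows(policy, action, resource_arn):
    """True if some Allow statement matches both the action and the resource ARN."""
    for stmt in policy["Statement"]:
        # Statements with a non-empty Condition are skipped (not evaluated here).
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        # Action names are case-insensitive; resource ARNs are case-sensitive.
        action_ok = any(fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatchcase(resource_arn, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False  # no matching Allow: implicit deny

def report(policy):
    checks = [("s3:ListBucket", BUCKET), ("s3:PutObject", KEY),
              ("s3:PutObjectAcl", KEY), ("s3:PutObject", OTHER)]
    return {f"{a} on {r}": s3_allows(policy, a, r) for a, r in checks}

if __name__ == "__main__":
    for name, pol in (("question", QUESTION_POLICY), ("answer", ANSWER_POLICY)):
        print(name)
        for check, allowed in report(pol).items():
            print(f"  {'ALLOW' if allowed else 'deny '}  {check}")
```

With the question's policy only the bucket-level check matches, which is why uploads and the ACL change fail; with the answer's policy the object checks on `bar` match and the other bucket still gets no access.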
