AWS, IAM, and S3

Posted 03-16-2012 at 12:24 PM by brentaar
Updated 03-16-2012 at 12:32 PM by brentaar
Tags aws, aws s3, iam

I've been trying to figure out how the IAM security policies work in AWS for quite a while now.
There is a lot of documentation, pictures, and some examples explaining how to do many things; though what I was looking for was/is hard to find. My goal was to create an IAM policy that would grant an IAM user group access to one S3 bucket. After trying to read examples that made sense in theory, I went off trying to cobble together a policy that would get me to my goal, with some bumps on the road (be careful of the Grantee option in S3; it can act more globally than expected).

Here are the policies that I came up with to “Allow a Specific Group access to a Specific Bucket”:

The first thing that was needed was to let the group see the available bucket list. When I first set out I just wanted the one specified bucket to be shown; there was little success in that approach.
Code:
{
  "Statement": [
    {
      "Sid": "Stmt1331770574007",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}
The next policy gave full rights for the group to do whatever they want in a specific bucket.
Code:
{
  "Statement": [
    {
      "Sid": "Stmt1331842424093",
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket*"
      ]
    }
  ]
}
The key seemed to be the "bucket*"; other things I tried were: bucket, bucket/, bucket/*. Though none of them worked in the way I thought they should. It must have something to do with folders in buckets not actually being folders, but acting more as keys in a string.
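The following is an added example, not part of the original post: a simplified model of IAM's wildcard matching on the Resource element, run against the four values tried above. It shows that bucket-level actions such as s3:ListBucket are checked against the bucket ARN while object actions are checked against bucket/key ARNs, so "bucket*" covers both but also any other bucket whose name starts with "bucket". The name bucket-finance and the object keys are hypothetical, and the matcher is an approximation, not AWS's policy engine.

```python
import re

def arn_matches(pattern: str, arn: str) -> bool:
    """IAM-style wildcard match: '*' is any run of characters
    (including '/'), '?' is exactly one character."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c)
        for c in pattern
    )
    return re.fullmatch(regex, arn, flags=re.DOTALL) is not None

# Constructed sample ARNs. "bucket" is the post's bucket name;
# "bucket-finance" and the keys are hypothetical.
SAMPLES = {
    "bucket itself": "arn:aws:s3:::bucket",               # e.g. s3:ListBucket
    "object in bucket": "arn:aws:s3:::bucket/docs/a.txt",  # e.g. s3:GetObject
    "other bucket": "arn:aws:s3:::bucket-finance",
    "object in other bucket": "arn:aws:s3:::bucket-finance/payroll.csv",
}

# Resource lists: the four values from the post, then the two-entry
# form that names the bucket and its objects separately.
CANDIDATES = {
    "bucket": ["arn:aws:s3:::bucket"],
    "bucket/": ["arn:aws:s3:::bucket/"],
    "bucket/*": ["arn:aws:s3:::bucket/*"],
    "bucket*": ["arn:aws:s3:::bucket*"],
    "bucket + bucket/*": ["arn:aws:s3:::bucket", "arn:aws:s3:::bucket/*"],
}

def coverage(resources):
    """Map each sample ARN label to True if any resource pattern matches it."""
    return {
        label: any(arn_matches(p, arn) for p in resources)
        for label, arn in SAMPLES.items()
    }

def report():
    return {name: coverage(res) for name, res in CANDIDATES.items()}

if __name__ == "__main__":
    for name, cov in report().items():
        print(f"Resource = {name}")
        for label, hit in cov.items():
            print(f"  {'MATCH' if hit else '  -  '}  {label}")
```

Only the last candidate matches both the bucket and its objects without also matching the second bucket.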