Here's my IAM policy to allow users to have full access only to noones/tickets/ANZ Stadium/*. Users cannot read/download/write anything other than this folder, ANZ Stadium/*.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowGroupToSeeBucketListInTheConsole",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Sid": "AllowRootAndHomeListingOfCompanyBucket",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::noones"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:prefix": [
                        "",
                        "tickets/"
                    ],
                    "s3:delimiter": [
                        "/"
                    ]
                }
            }
        },
        {
            "Sid": "AllowListingOfUserFolder",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::noones"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "tickets/ANZ Stadium/*"
                    ]
                }
            }
        },
        {
            "Sid": "AllowAllS3ActionsInUserFolder",
            "Action": [
                "s3:*"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::noones/tickets/ANZ Stadium/*"
            ]
        }
    ]
}
I think the policy is correct, and it works fine in the AWS S3 console for the user.
But I get an access denied error when trying to browse the same bucket through S3 Browser with the same user.
Am I missing something?
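To see which `s3:ListBucket` requests the policy above actually permits, here is a small evaluator for it. This is an added example, not code from the question's author or from AWS: it embeds the policy as posted, implements only the `StringEquals` and `StringLike` operators the policy uses, and models the documented IAM rule that these operators evaluate to false when the condition key is absent from the request context. It is a teaching aid, not a replacement for the IAM policy simulator. The point it makes visible is that the two listing statements impose different requirements: listing the bucket root or `tickets/` is allowed only when the request carries `s3:delimiter` equal to `/`, whereas listing under `tickets/ANZ Stadium/` has no delimiter requirement. A client that lists the bucket root without a delimiter parameter therefore matches none of the statements.

```python
import fnmatch

# The policy from the question, embedded as a dict so the script runs offline.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowGroupToSeeBucketListInTheConsole",
         "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
         "Effect": "Allow", "Resource": ["arn:aws:s3:::*"]},
        {"Sid": "AllowRootAndHomeListingOfCompanyBucket",
         "Action": ["s3:ListBucket"], "Effect": "Allow",
         "Resource": ["arn:aws:s3:::noones"],
         "Condition": {"StringEquals": {"s3:prefix": ["", "tickets/"],
                                        "s3:delimiter": ["/"]}}},
        {"Sid": "AllowListingOfUserFolder",
         "Action": ["s3:ListBucket"], "Effect": "Allow",
         "Resource": ["arn:aws:s3:::noones"],
         "Condition": {"StringLike": {"s3:prefix": ["tickets/ANZ Stadium/*"]}}},
        {"Sid": "AllowAllS3ActionsInUserFolder",
         "Action": ["s3:*"], "Effect": "Allow",
         "Resource": ["arn:aws:s3:::noones/tickets/ANZ Stadium/*"]},
    ],
}


def _condition_matches(condition, context):
    """Simplified IAM condition evaluation (StringEquals / StringLike only).

    Every key under every operator must be present in the request context and
    match at least one listed value. A missing key makes the block evaluate to
    false, which is how IAM treats these operators (only the ...IfExists and
    Null operators behave differently).
    """
    for operator, keys in condition.items():
        for key, allowed_values in keys.items():
            if key not in context:
                return False
            value = context[key]
            if operator == "StringEquals":
                if value not in allowed_values:
                    return False
            elif operator == "StringLike":
                # IAM's '*' and '?' wildcards map onto fnmatch's, and like IAM,
                # fnmatch's '*' also matches '/' characters.
                if not any(fnmatch.fnmatchcase(value, p) for p in allowed_values):
                    return False
            else:
                raise NotImplementedError(f"operator {operator} not modelled")
    return True


def _any_match(patterns, value):
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(action, resource, context):
    """Return True if some Allow statement matches and no Deny statement does."""
    allowed = False
    for stmt in POLICY["Statement"]:
        if not _any_match(stmt["Action"], action):
            continue
        if not _any_match(stmt["Resource"], resource):
            continue
        if not _condition_matches(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def list_bucket_allowed(prefix, delimiter=None):
    """Evaluate an s3:ListBucket request on the 'noones' bucket.

    delimiter=None models a client that sends no delimiter parameter at all,
    so the s3:delimiter key is absent from the request context.
    """
    context = {"s3:prefix": prefix}
    if delimiter is not None:
        context["s3:delimiter"] = delimiter
    return is_allowed("s3:ListBucket", "arn:aws:s3:::noones", context)


if __name__ == "__main__":
    # Constructed request shapes, printed side by side for comparison.
    cases = [("", "/"), ("", None), ("tickets/", "/"), ("tickets/", None),
             ("tickets/ANZ Stadium/", "/"), ("tickets/ANZ Stadium/", None),
             ("tickets/other/", "/")]
    for prefix, delim in cases:
        print(f"prefix={prefix!r:26} delimiter={delim!r:5} -> "
              f"{'ALLOW' if list_bucket_allowed(prefix, delim) else 'DENY'}")
```

Running it shows the root and `tickets/` listings flip from ALLOW to DENY as soon as the delimiter is dropped, while listings under `tickets/ANZ Stadium/` are allowed either way. When comparing two clients that use the same credentials, capturing the exact `prefix` and `delimiter` parameters each one sends (for example from CloudTrail data events or a proxy) and feeding them to `list_bucket_allowed` reproduces the decision without guessing.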