Read Only IAM policy for AWS S3 | I am Christopher Bale

Had a little difficulty getting the right setting to restrict access to read only on several folders in an AWS S3 bucket.

Here is the eventually policy that worked for me:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::nas-backup",
"Condition": {}
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl"
],
"Resource": [
"arn:aws:s3:::nas-backup/development/*",
"arn:aws:s3:::nas-backup/it/*",
"arn:aws:s3:::nas-backup/aria/*",
"arn:aws:s3:::nas-backup/cto/*",
"arn:aws:s3:::nas-backup/documentation/*",
"arn:aws:s3:::nas-backup/support/*",
"arn:aws:s3:::nas-backup/customer/*",
"arn:aws:s3:::nas-backup/verification/*"
],
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
}
]
}

Related Posts

Converting and Importing a Virtual Box VM into a AWS EC2 AMI

Masterless Puppet: Connecting a Puppet agent to a central git repo

How do I add swap space to a Linux system

Leave a Reply Cancel reply