This is effectively a condensed version of Amazon’s documentation for how to give specific IAM users and groups access to specific buckets. Your first step is to create an s3 bucket, 1 IAM group, and at least 2 IAM users:
- Here’s how to create an s3 bucket.
- Here’s how to create IAM groups.
- Here’s how to create IAM users.
Now that we have the s3 bucket, IAM group, and IAM users, we’re ready to add permissions. We only need to add permissions to the group and to the users.
Add the following json permissions to the IAM group, replacing “BUCKET_NAME” with your bucket:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowGroupToSeeBucketListAndAlsoAllowGetBucketLocationRequiredForListBucket",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*"
]
},
{
"Sid": "AllowRootLevelListingOfCompanyBucket",
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::BUCKET_NAME"
],
"Condition": {
"StringEquals": {
"s3:prefix": [
""
],
"s3:delimiter": [
"/"
]
}
}
}
]
}Add the following json permissions to the IAM users, replacing “BUCKET_NAME” with your bucket:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListBucketIfSpecificPrefixIsIncludedInRequest",
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::BUCKET_NAME"
]
}
]
}If you want to grant the IAM users access to a sub-bucket, then do the following, replacing “BUCKET_NAME” and “SUB_BUCKET_NAME” with the respective bucket names:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListBucketIfSpecificPrefixIsIncludedInRequest",
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::BUCKET_NAME"
],
"Condition": {
"StringLike": {
"s3:prefix": [
"SUB_BUCKET/*"
]
}
}
}
]
}That’s it!
From Toby’s Blog
- How Digital Ocean Cost Us Thousands of Dollars in a Single DayHere’s the rub for me: My belief is that bad stuff happens, and you need to own it. Digital Ocean definitely did not own it in this case. I wonder how the original founders of Digital Ocean would have reacted had they been in charge… For example, wouldn’t it be nice if an actual human… […]
- Where uncertainty exists, don’t order specific.4 Idiot Case Studies with 2 simple age-old business lessons. The post Where uncertainty exists, don’t order specific. appeared first on Toby Cryns, WordPress Trainer in Minneapolis, MN.
- “Now THAT was a good meeting!”A single effective meeting can change the course of history for a company. Imagine if you could lead effective meetings EVERY DAY! You can, but it takes curiosity & practice. This article is a good place to start your journey to a more effective you. The post “Now THAT was a good meeting!” appeared first […]
More posts from themightymo.com
How to merge multiple .csv files via command line
Today I downloaded 29 csv files with tax information. I could import those files 1 at a time into WooCommerce, but wouldn’t it be nice if I could merge them first and then only import a single file? The unix command is simple – just navigate to the folder with all the csv files and…
15 Best WordPress Support and Maintenance Services for 2023: Ensuring Your Website Stays in Top Shape
Small business owners and non-profit leaders know that keeping your website secure, fast, and fully-functional is critical to success. Here’s the unspoken truth: You can either learn how to do all that tech maintenance and development stuff yourself, or hire someone else to do it. But let’s face it, doing it yourself isn’t always the…
How to Whitelist SEM Rush IPs in Cloudflare
Alright, I’m going to show you how to whitelist a set of IPs on CloudFlare. In our case we use SEMrush and we want to make sure the SEMrush has full access to our sites.
From Toby’s Blog
- How Digital Ocean Cost Us Thousands of Dollars in a Single DayHere’s the rub for me: My belief is that bad stuff happens, and you need to own it. Digital Ocean definitely did not own it in this case. I wonder how the original founders of Digital Ocean would have reacted had they been in charge… For example, wouldn’t it be nice if an actual human… […]
- Where uncertainty exists, don’t order specific.4 Idiot Case Studies with 2 simple age-old business lessons. The post Where uncertainty exists, don’t order specific. appeared first on Toby Cryns, WordPress Trainer in Minneapolis, MN.
- “Now THAT was a good meeting!”A single effective meeting can change the course of history for a company. Imagine if you could lead effective meetings EVERY DAY! You can, but it takes curiosity & practice. This article is a good place to start your journey to a more effective you. The post “Now THAT was a good meeting!” appeared first […]