How to give 2 IAM users web access to an S3 bucket

This is effectively a condensed version of Amazon’s documentation for how to give specific IAM users and groups access to specific buckets. Your first step is to create an s3 bucket, 1 IAM group, and at least 2 IAM users:

Now that we have the s3 bucket, IAM group, and IAM users, we’re ready to add permissions. We only need to add permissions to the group and to the users.

Add the following json permissions to the IAM group, replacing “BUCKET_NAME” with your bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowGroupToSeeBucketListAndAlsoAllowGetBucketLocationRequiredForListBucket",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Sid": "AllowRootLevelListingOfCompanyBucket",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::BUCKET_NAME"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:prefix": [
                        ""
                    ],
                    "s3:delimiter": [
                        "/"
                    ]
                }
            }
        }
    ]
}

Add the following json permissions to the IAM users, replacing “BUCKET_NAME” with your bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListBucketIfSpecificPrefixIsIncludedInRequest",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::BUCKET_NAME"
            ]
        }
    ]
}

If you want to grant the IAM users access to a sub-bucket, then do the following, replacing “BUCKET_NAME” and “SUB_BUCKET_NAME” with the respective bucket names:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListBucketIfSpecificPrefixIsIncludedInRequest",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::BUCKET_NAME"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "SUB_BUCKET/*"
                    ]
                }
            }
        }
    ]
}

That’s it!

Posted in

The Mighty Mo! Design Co.

RSS From Toby’s Blog

  • WordPress Maintenance Checklist: Keep Your Site Running Smoothly
    Discover the essential tasks for effective WordPress maintenance and ensure your website runs smoothly and securely with our comprehensive guide.
  • Why We Don’t Automate Our WordPress Hosting Business
    There are some great platforms out there to automate your website hosting biz: But we don’t use any of them. Here’s why: Hosting companies only get worse over time. Over the years, I’ve hosted websites on a bunch of platforms: All of these hosting companies share one thing in common: Over time, they all got…
  • Fortify Your WordPress Site: Essential Security Steps
    Securing your WordPress site is a critical component of maintaining your online presence and safeguarding your data. Security is no longer a luxury, it has become a necessity in today’s digital world, where threats are lurking at every corner. This piece dives deep into WordPress security basics, giving you a comprehensive understanding of common vulnerabilities…

More posts from themightymo.com

Reorganize Your WordPress 2.7 Admin Panel with Fluency 2.0

By | February 6, 2009

Yesterday I discovered the new Fluency 2.0 plugin for WordPress 2.7.  It does a fantastic job of cleaning up the admin interface and makes the back-end WordPress experience much better for users.

We Now Offer Search Engine Optimization!

By | February 2, 2009

We have just teamed up with one of the web’s finest search engine optimization gurus, Greg Cryns, and will now be offering his services to you, our customers! For you, our customer, this means that we now have added expertise in driving targeted traffic to your website. Greg has over a decade worth of search…

Adobe CS4 Flash MN Presentation at FlashMN

By | October 14, 2008

Below are my notes from tonight’s FlashMN meeting starring Dustin Tauer.  The presentation focused on the new features of Adobe Creative Suite 4. Illustrator CS4 Can create multiple art boards.  So, if I wanted to use artwork for the front and back of t-shirt, I would create 2 art boards (up to 100).  There are…

RSS From Toby’s Blog

  • WordPress Maintenance Checklist: Keep Your Site Running Smoothly
    Discover the essential tasks for effective WordPress maintenance and ensure your website runs smoothly and securely with our comprehensive guide.
  • Why We Don’t Automate Our WordPress Hosting Business
    There are some great platforms out there to automate your website hosting biz: But we don’t use any of them. Here’s why: Hosting companies only get worse over time. Over the years, I’ve hosted websites on a bunch of platforms: All of these hosting companies share one thing in common: Over time, they all got…
  • Fortify Your WordPress Site: Essential Security Steps
    Securing your WordPress site is a critical component of maintaining your online presence and safeguarding your data. Security is no longer a luxury, it has become a necessity in today’s digital world, where threats are lurking at every corner. This piece dives deep into WordPress security basics, giving you a comprehensive understanding of common vulnerabilities…