How to give 2 IAM users web access to an S3 bucket

This is effectively a condensed version of Amazon’s documentation for how to give specific IAM users and groups access to specific buckets. Your first step is to create an S3 bucket, 1 IAM group, and at least 2 IAM users.

Now that we have the S3 bucket, IAM group, and IAM users, we’re ready to add permissions. We only need to add permissions to the group and to the users.

Add the following JSON permissions to the IAM group, replacing “BUCKET_NAME” with your bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowGroupToSeeBucketListAndAlsoAllowGetBucketLocationRequiredForListBucket",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Sid": "AllowRootLevelListingOfCompanyBucket",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::BUCKET_NAME"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:prefix": [
                        ""
                    ],
                    "s3:delimiter": [
                        "/"
                    ]
                }
            }
        }
    ]
}

Add the following JSON permissions to the IAM users, replacing “BUCKET_NAME” with your bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListBucketIfSpecificPrefixIsIncludedInRequest",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::BUCKET_NAME"
            ]
        }
    ]
}

If you want to grant the IAM users access to a sub-bucket (a folder, which S3 implements as a key prefix), then do the following, replacing “BUCKET_NAME” and “SUB_BUCKET” with the respective bucket and folder names:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListBucketIfSpecificPrefixIsIncludedInRequest",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::BUCKET_NAME"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "SUB_BUCKET/*"
                    ]
                }
            }
        }
    ]
}

That’s it!
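A simplified local model of how the group and user policies above combine, added here as an example (it is not from the original post and is not AWS's evaluation engine). It handles only Allow statements and the two condition operators used on this page; `example-bucket`, `other/` and `report.pdf` are constructed names. It shows that the unconditioned user policy lets a user list every prefix, that the `StringLike` version confines listing to `SUB_BUCKET/`, and that none of these statements grants `s3:GetObject`.

```python
import re
BUCKET = "arn:aws:s3:::example-bucket"  # constructed stand-in for BUCKET_NAME

def stmt(actions, resource, condition=None):
    return {"Effect": "Allow", "Action": actions, "Resource": [resource],
            "Condition": condition or {}}

# The page's three policies, reduced to the fields that drive the decision.
GROUP = [stmt(["s3:ListAllMyBuckets", "s3:GetBucketLocation"], "arn:aws:s3:::*"),
         stmt(["s3:ListBucket"], BUCKET,
              {"StringEquals": {"s3:prefix": [""], "s3:delimiter": ["/"]}})]
USER_WHOLE_BUCKET = [stmt(["s3:ListBucket"], BUCKET)]
USER_SUB_FOLDER = [stmt(["s3:ListBucket"], BUCKET,
                        {"StringLike": {"s3:prefix": ["SUB_BUCKET/*"]}})]

def like(pattern, value):
    """IAM wildcard match: * is any run of characters, ? is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.S) is not None
OPERATORS = {"StringEquals": lambda p, v: p == v, "StringLike": like}

def condition_ok(condition, ctx):
    # Keys are ANDed, values per key are ORed; a key absent from the request fails.
    return all(key in ctx and any(OPERATORS[op](p, ctx[key]) for p in wanted)
               for op, keys in condition.items() for key, wanted in keys.items())

def allowed(statements, action, resource, ctx=None):
    """True if any Allow statement matches; otherwise implicit deny."""
    return any(action in s["Action"]
               and any(like(r, resource) for r in s["Resource"])
               and condition_ok(s["Condition"], ctx or {})
               for s in statements)

def report():
    root = {"s3:prefix": "", "s3:delimiter": "/"}  # constructed requests
    sub = {"s3:prefix": "SUB_BUCKET/", "s3:delimiter": "/"}
    other = {"s3:prefix": "other/", "s3:delimiter": "/"}
    obj = BUCKET + "/SUB_BUCKET/report.pdf"
    scoped, broad = GROUP + USER_SUB_FOLDER, GROUP + USER_WHOLE_BUCKET
    return {"scoped lists root": allowed(scoped, "s3:ListBucket", BUCKET, root),
            "scoped lists SUB_BUCKET/": allowed(scoped, "s3:ListBucket", BUCKET, sub),
            "scoped lists other/": allowed(scoped, "s3:ListBucket", BUCKET, other),
            "broad lists other/": allowed(broad, "s3:ListBucket", BUCKET, other),
            "scoped reads object": allowed(scoped, "s3:GetObject", obj)}

if __name__ == "__main__":
    for check, result in report().items():
        print(f"{check}: {'Allow' if result else 'implicit deny'}")
```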
