Last Updated: February 25, 2016
·
321
· mremond

IAM policy for S3 bucket

When you want to allow a group accessing an S3 bucket, it is quite common to forget that you need to grant access to both the bucket and his content.

Here is a typical Amazon IAM policy:

"Statement": [
    {
       "Action": "s3:*",
       "Effect": "Allow",
       "Resource": ["arn:aws:s3:::mybucket","arn:aws:s3:::mybucket/*"]
    }]

Without the first resource, you will not be allowed to list the bucket content.