Last Updated: February 25, 2016
·
4.686K
· kjohnston

Assigning an AWS IAM user access to a single S3 bucket

When purposing an S3 bucket for a specific use case where single user will need access to work with that bucket a policy similar to the one below can be assigned to a user in IAM:

This is relevant in situations such as Using pgbackups-archive to automate archving Heroku backups to S3.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::myapp-backups"
        },
        {
            "Action": "s3:PutObject",
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::myapp-backups/*"
        }
    ]
}