Last Updated: September 09, 2019
·
565
· mavimo

Enable a user to access to a single S3 bucket

You need to access in your AWS console and activate IAM access control.

  • Create a new bucket in S3
  • Create a new group in IAM
  • Create a new policy in the IAM group and add:

    {
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": [
            "arn:aws:s3:::test-bucket-mavimo",
            "arn:aws:s3:::test-bucket-mavimo/*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": "s3:ListAllMyBuckets",
          "Resource": "arn:aws:s3:::*"
        }
      ]
    }

    and change the bucket name (from test-bucket-name to your real bucket name).

  • Create a new user in IAM

  • Add the user in the group created before

Now you can use your user credential to access and write/read in our bucket. User can list all bucket but can't access to data avialable inside the not authorized bucket. This is a know problem but there are not workaround.