Giving access to everything within S3 bucket

Time:04-01

Does anyone know if I can use a wildcard and give access to everything within an S3 bucket, instead of adding every location explicitly like I am currently doing?

const policyDoc = new PolicyDocument({
  statements: [
    new PolicyStatement({
      sid: 'Grant role to read/write to S3 bucket',
      resources: [
        `${this.attrArn}`,
        `${this.attrArn}/*`,
        `${this.attrArn}/emailstore`,
        `${this.attrArn}/emailstore/*`,
        `${this.attrArn}/attachments`,
        `${this.attrArn}/attachments/*`
      ],
      actions: ['s3:*'],
      effect: Effect.ALLOW,
      principals: props.allowedArnPrincipals
    })
  ]
});

CodePudding user response:

You should be able to use:

      resources: [
        `${this.attrArn}`,
        `${this.attrArn}/*`
      ],

The first one gives permission for actions on the bucket itself (e.g. ListBucket), while /* gives permission for actions inside the bucket (e.g. GetObject).
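
Added example, not part of the original answer: a simplified model of IAM resource wildcard matching that checks which entries in the question's list are already matched by the /* entry, and that the two-entry list covers the same ARNs. The bucket name, sample keys and helper names are constructed for illustration. Since the /* entry was already in the question's list, the prefix entries never narrowed access.

```typescript
// Added example. The bucket name is constructed; helper names are hypothetical.
const B = 'arn:aws:s3:::example-bucket';

// The six entries from the question and the two from the answer.
const QUESTION_RESOURCES: string[] = [
  B, `${B}/*`, `${B}/emailstore`, `${B}/emailstore/*`,
  `${B}/attachments`, `${B}/attachments/*`,
];
const ANSWER_RESOURCES: string[] = [B, `${B}/*`];

// Simplified model of IAM resource matching: '*' matches any run of
// characters (including '/'), '?' matches exactly one character.
function patternToRegExp(pattern: string): RegExp {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$');
}

// True when at least one pattern matches the concrete ARN.
function covers(patterns: string[], arn: string): boolean {
  return patterns.some((p) => patternToRegExp(p).test(arn));
}

// Entries that a different entry in the same list already matches.
// Matching one pattern against another as a literal string is a sufficient
// (not exhaustive) redundancy test; exact duplicates flag each other.
function redundantResources(patterns: string[]): string[] {
  return patterns.filter((p, i) =>
    patterns.some((q, j) => i !== j && patternToRegExp(q).test(p)));
}

// Sample ARNs on which the two lists disagree about coverage.
function coverageDiff(a: string[], b: string[], samples: string[]): string[] {
  return samples.filter((arn) => covers(a, arn) !== covers(b, arn));
}

// Constructed sample ARNs: the bucket itself plus objects at several depths.
const SAMPLES: string[] = [
  B, `${B}/emailstore`, `${B}/emailstore/2024/msg.eml`,
  `${B}/attachments/report.pdf`, `${B}/other/key`,
];

console.log(redundantResources(QUESTION_RESOURCES)); // the four prefix entries
console.log(coverageDiff(QUESTION_RESOURCES, ANSWER_RESOURCES, SAMPLES)); // []
console.log(covers([`${B}/*`], B)); // false: bucket-level actions need the bare ARN
```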
