I want to restrict an AWS S3 bucket so it cannot be accessed from anywhere. I want to block all access: public, private, bucket, folder, file, everything in that bucket. After that I want to create an S3 access point, then give permission to an IAM user so that only that IAM user can perform all actions, and only that IAM user. Now I am not sure what exactly I also need to enable or disable, like public access or something; also, I don't know whether I have to give a policy to the bucket or to the access point.
CodePudding user response:
I want to restrict an AWS S3 bucket so it cannot be accessed from anywhere. I want to block all access: public, private, bucket, folder, file, everything in that bucket
Use this policy to restrict all access (both the bucket ARN and the object ARN are listed, so bucket-level actions such as ListBucket are denied as well as object-level ones):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyAll",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::bucket",
                "arn:aws:s3:::bucket/*"
            ]
        }
    ]
}
then I want to create an S3 access point, then give permission to an IAM user so that only that IAM user can perform all actions, and only that IAM user
Use this policy to restrict all access except for one IAM user (replace IAM-ROLE-ARN with the user's ARN; the Principal in the Allow statement must be given in the {"AWS": ...} object form):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyAllExceptRole",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::bucket",
                "arn:aws:s3:::bucket/*"
            ],
            "Condition": {
                "StringNotEquals": {
                    "aws:PrincipalArn": "IAM-ROLE-ARN"
                }
            }
        },
        {
            "Sid": "AllowRole",
            "Effect": "Allow",
            "Principal": {
                "AWS": "IAM-ROLE-ARN"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::bucket",
                "arn:aws:s3:::bucket/*"
            ]
        }
    ]
}
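As an added illustration (not part of the answer above): a Python helper that builds the deny-all-except-one-principal bucket policy with both resource ARNs, the Block Public Access settings the question asks about, and a small local evaluator that approximates how S3 decides who gets through. The bucket name and principal ARNs are constructed placeholders.

```python
import fnmatch
import json

def build_lockdown_policy(bucket, principal_arn):
    """Deny every S3 action to everyone except principal_arn.
    Both the bucket ARN (ListBucket, PutBucketPolicy, ...) and the object
    ARN (GetObject, ...) are listed: naming only "bucket/*" would leave
    bucket-level actions uncovered."""
    resources = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DenyAllExceptPrincipal", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*", "Resource": resources,
             "Condition": {"StringNotEquals": {"aws:PrincipalArn": principal_arn}}},
            {"Sid": "AllowPrincipal", "Effect": "Allow",
             "Principal": {"AWS": principal_arn},  # object form, not a bare string
             "Action": "s3:*", "Resource": resources},
        ],
    }

# Block Public Access settings to enable on the bucket alongside the policy.
PUBLIC_ACCESS_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                       "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

def _matches(stmt, principal_arn, resource):
    """Does this statement apply to (principal, resource)? Principal "*" is anyone."""
    if not any(fnmatch.fnmatchcase(resource, r) for r in stmt["Resource"]):
        return False
    p = stmt["Principal"]
    if p != "*" and p.get("AWS") != principal_arn:
        return False
    for key, want in stmt.get("Condition", {}).get("StringNotEquals", {}).items():
        if key == "aws:PrincipalArn" and principal_arn == want:
            return False  # condition not met, so the statement does not apply
    return True

def is_allowed(policy, principal_arn, resource):
    """Local approximation of IAM evaluation: an explicit Deny wins, else any Allow."""
    applicable = [s for s in policy["Statement"] if _matches(s, principal_arn, resource)]
    if any(s["Effect"] == "Deny" for s in applicable):
        return False
    return any(s["Effect"] == "Allow" for s in applicable)

if __name__ == "__main__":
    owner = "arn:aws:iam::111122223333:user/s3-owner"  # constructed placeholder
    policy = build_lockdown_policy("example-bucket", owner)
    print(json.dumps(policy, indent=2))
    print(is_allowed(policy, owner, "arn:aws:s3:::example-bucket/file.txt"))  # True
    print(is_allowed(policy, "arn:aws:iam::111122223333:root", "arn:aws:s3:::example-bucket"))  # False
```

The second check shows the usual caveat with this pattern: the Deny on Principal "*" also matches the account's other admins and the root identity, so only the listed principal can work with the bucket afterwards (the root user can still delete the bucket policy to recover). The evaluator ignores identity policies and access point policies, which S3 also consults.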