How do you know which S3 permissions to choose in AWS IAM policies

Time:09-09

I am confused as to how I can know which permissions to grant to the Lambda service if I want it to be able to perform the HeadBucket action.

Here's what I have in CloudFormation right now, and I just deduced these from the SAM S3ReadBucket policy. But how do I know exactly which permissions are required for this?

This is what I have right now.

      Policies:
        - Statement:
          - Sid: AllowHeadOnBucket
            Effect: Allow
            Action:
              - 's3:GetObject'
              - 's3:ListBucket'
              - 's3:GetBucketLocation'
              - 's3:GetObjectVersion'
              - 's3:GetLifecycleConfiguration'

CodePudding user response:

I would start with the HeadBucket documentation:

To use this operation, you must have permissions to perform the s3:ListBucket action.

So you need s3:ListBucket on the ARN of your S3 bucket, e.g. arn:aws:s3:::mybucket.
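
A way to check a statement against that requirement, as an added example that is not part of the original answer: it reports whether an Allow statement grants HeadBucket on a bucket and which listed actions go beyond it. The `Resource` values and the helper names are assumptions (the question's statement shows no `Resource`), and the check ignores Deny statements, `Condition`, `NotAction` and any other attached policies.

```python
from fnmatch import fnmatchcase

# Per the HeadBucket documentation quoted above.
HEAD_BUCKET_ACTION = "s3:ListBucket"
BUCKET_ARN = "arn:aws:s3:::mybucket"  # example ARN from the answer


def _as_list(value):
    """IAM allows Action/Resource to be a single string or a list."""
    return [value] if isinstance(value, str) else list(value or [])


def audit_statement(stmt, bucket_arn):
    """Return (grants_head_bucket, excess_actions) for one statement."""
    if stmt.get("Effect") != "Allow":
        return False, []
    actions = _as_list(stmt.get("Action"))
    resources = _as_list(stmt.get("Resource"))
    # Action names are case-insensitive and may use * wildcards.
    action_ok = any(fnmatchcase(HEAD_BUCKET_ACTION.lower(), a.lower())
                    for a in actions)
    # s3:ListBucket is a bucket-level action: the bucket ARN itself must
    # match, an object ARN such as .../mybucket/* does not cover it.
    resource_ok = any(fnmatchcase(bucket_arn, r) for r in resources)
    excess = [a for a in actions if a.lower() != HEAD_BUCKET_ACTION.lower()]
    return action_ok and resource_ok, excess


# Action list from the question; Resource is constructed for this example.
QUESTION_STMT = {
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation",
               "s3:GetObjectVersion", "s3:GetLifecycleConfiguration"],
    "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"],
}
# Minimal statement the answer describes.
MINIMAL_STMT = {"Effect": "Allow", "Action": "s3:ListBucket",
                "Resource": BUCKET_ARN}
# Constructed mistake: bucket-level action scoped to object ARNs only.
OBJECT_SCOPED_STMT = {"Effect": "Allow", "Action": "s3:ListBucket",
                      "Resource": BUCKET_ARN + "/*"}

if __name__ == "__main__":
    for name, stmt in [("question", QUESTION_STMT),
                       ("minimal", MINIMAL_STMT),
                       ("object-scoped", OBJECT_SCOPED_STMT)]:
        grants, excess = audit_statement(stmt, BUCKET_ARN)
        print(f"{name}: grants HeadBucket={grants}, excess={excess}")
```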
