Home > Software design >  How do you know which S3 permissions to choose in AWS IAM policies
How do you know which S3 permissions to choose in AWS IAM policies

Time:09-09

I am confused as to how do I know which permissions to grant to Lambda service if I want it to be able to perform HeadBucket action.

Here's what I have in CloudFormation right now, and I just deducted these from the SAM S3ReadBucket policy. But how do I know exactly which permissions are exactly required for this?

This is what I have right now.

      Policies:
        - Statement:
          - Sid: AllowHeadOnBucket
            Effect: Allow
            Action:
              - 's3:GetObject'
              - 's3:ListBucket'
              - 's3:GetBucketLocation'
              - 's3:GetObjectVersion'
              - 's3:GetLifecycleConfiguration'

CodePudding user response:

I would start with the HeadBucket documentation:

To use this operation, you must have permissions to perform the s3:ListBucket action.

So you need s3:ListBucket on the ARN of your S3 bucket e.g. arn:aws:s3:::mybucket.

Page link:https//www.codepudding.com/Softwaredesign/539012.html

Prev:How to monitor fargate ECS web app timeouts in CloudWatch?
Next:Terraform : The "count" object can only be used in "module", "resource"
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding