S3 policy - user able to list all prefixes and objects

Time:11-11

I wanted to limit the user to uploading and listing objects in dir1 only, but it's able to list all the prefixes of the bucket. It can only upload to dir1, which is desired. How can I modify the policy so that user1 can list and upload objects of dir1 only?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListingOfUserFolder",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::mybucket"
            ]
        },
        {
            "Sid": "HomeDirObjectAccess",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::mybucket/dir1/*"
        }
    ]
}

CodePudding user response:

The ListBucket command (which shows objects in a bucket) takes a Condition like this:

  {
     "Effect": "Allow",
     "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::my-bucket",
     "Condition": {
       "StringLike": {
         "s3:prefix": "dir1/*"
       }
     }
  }

This will Allow listing the contents of that bucket, but only if the prefix starts with dir1/.

See also: Use IAM policies to grant access to user-specific folders
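To show what the prefix condition changes, here is an added example that is not from the answer or from AWS: a small Python model of IAM evaluation (Allow statements and the StringLike operator only, using IAM's `*`/`?` wildcard rules) applied to the questioner's policy after the Condition above is added to the ListBucket statement. The requests are constructed samples; a listing without a prefix is modelled as an empty `s3:prefix`.

```python
import re

def string_like(pattern: str, value: str) -> bool:
    """IAM StringLike and ARN matching: '*' is any run of characters, '?' one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None
def as_list(v):
    return v if isinstance(v, list) else [v]

# The questioner's policy with the answer's Condition added to the ListBucket statement.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowListingOfUserFolder", "Effect": "Allow",
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::mybucket",
         "Condition": {"StringLike": {"s3:prefix": "dir1/*"}}},
        {"Sid": "HomeDirObjectAccess", "Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject"],
         "Resource": "arn:aws:s3:::mybucket/dir1/*"},
    ],
}

def is_allowed(policy, action, resource, context):
    """Simplified IAM model: default deny, Allow statements only (no explicit Deny),
    StringLike as the only operator. A condition key missing from the request
    context fails the condition, as it does in IAM."""
    for stmt in policy["Statement"]:
        if not any(string_like(a, action) for a in as_list(stmt["Action"])):
            continue
        if not any(string_like(r, resource) for r in as_list(stmt["Resource"])):
            continue
        matched = True
        for operator, pairs in stmt.get("Condition", {}).items():
            if operator != "StringLike":
                raise NotImplementedError(operator)
            for key, patterns in pairs.items():
                value = context.get(key)
                if value is None or not any(string_like(p, value) for p in as_list(patterns)):
                    matched = False
        if matched and stmt["Effect"] == "Allow":
            return True
    return False

BUCKET = "arn:aws:s3:::mybucket"
def listing_allowed(prefix):
    """ListBucket request; a listing with no prefix is modelled as an empty s3:prefix."""
    return is_allowed(POLICY, "s3:ListBucket", BUCKET, {"s3:prefix": prefix})
def put_allowed(key):
    return is_allowed(POLICY, "s3:PutObject", f"{BUCKET}/{key}", {})
```

Listing with `--prefix dir1/` is allowed, while a listing of the bucket root, of `dir2/`, or of the look-alike `dir10/` is denied; object writes remain confined to `dir1/` exactly as before.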
