AWS S3 bucket, restrict actions on creating folders

Time:07-19

Is there any kind of bucket policy or IAM policy which restricts the user from creating folders? E.g., let us consider I have a user, User1, and I have provided the user access to a certain folder in the S3 bucket. I need to restrict the user in such a way that the user can only upload and download objects. The user should not even have access to create a folder. Can that be done? If it can be done, what should be added and where (bucket policy or IAM policy)?

CodePudding user response:

There is no such thing as a "folder" in S3, so you can't prohibit creating something that does not exist. What you see in the S3 console as a "folder" is just a visual representation of S3 object keys that contain / in their name.

CodePudding user response:

I have solved this on my own. I have a bucket policy which restricts users to only upload a certain type of file, so create folder does not work automatically. The bucket policy I used is given below for reference.

    {
        "Version": "2012-10-17",
        "Id": "Policy1657799010112",
        "Statement": [
            {
                "Sid": "Stmt1657798687256",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": [
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
                ]
            },
            {
                "Sid": "Stmt1657798687256",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "NotResource": [
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
                    "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
                ]
            }
        ]
    }
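
Added example, not part of either answer above: a small offline model of how the `Resource`/`NotResource` patterns in that policy treat different object keys, including the zero-byte key ending in `/` that the S3 console writes for "Create folder". It evaluates only these two statements (no IAM identity policies or other bucket settings), the sample keys are constructed, and the function names are hypothetical.

```python
import re

BUCKET = "testbucketforuploadlimitation"
# Key patterns copied from the Resource/NotResource lists in the policy above.
ALLOWED = [
    "Retailer 1/Latest/Start*.gz",
    "Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
    "Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
    "Retailer 3/Latest/0*.xlsx",
    "Retailer 3/Latest/1*.xlsx",
    "Retailer 4/Latest/Start*.gz",
    "Retailer 5/Latest/Start*.gz",
    "Retailer 6/Latest/TY/Start*.xlsx",
    "Retailer 6/Latest/YA/Start*.xlsx",
]

def arn_pattern_to_regex(pattern):
    """IAM wildcards: '*' is any run of characters (including '/'), '?' is one."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)

RULES = [arn_pattern_to_regex(f"arn:aws:s3:::{BUCKET}/{p}") for p in ALLOWED]

def put_object_decision(key):
    """Match -> Allow statement applies; no match -> the NotResource Deny applies."""
    arn = f"arn:aws:s3:::{BUCKET}/{key}"
    return "Allow" if any(r.fullmatch(arn) for r in RULES) else "Deny"

# Constructed sample keys.
SAMPLES = [
    "Retailer 1/Latest/Start-2022-07.gz",  # intended upload
    "Retailer 1/Latest/NewFolder/",        # console "Create folder" marker object
    "Retailer 1/Latest/report.csv",        # wrong file name and type
    "Retailer 1/Latest/Start/sub/x.gz",    # '*' spans '/', so a new prefix still matches
]

if __name__ == "__main__":
    for k in SAMPLES:
        print(f"{put_object_decision(k):5}  {k}")
```

The last sample shows the caveat: because `*` also matches `/`, an upload whose key fits `Start*.gz` can still introduce a new prefix that the console will display as a folder.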
