Is there any kind of bucket policy or IAM policy that restricts a user from creating folders? For example, let us consider that I have a user, User1, and I have given the user access to a certain folder in the S3 bucket. I need to restrict the user so that the user can only upload and download objects. The user should not even have access to create a folder. Can that be done? If it can be done, what should be added, and where (bucket policy or IAM policy)?
CodePudding user response:
There is no such thing as a "folder" in S3, so you can't prohibit creating something that does not exist. What you see in the S3 console as a "folder" is just a visual representation of S3 object keys that contain / in their name.
CodePudding user response:
I have solved this on my own. I have a bucket policy which restricts users to uploading only certain types of file, so create folder automatically does not work. The bucket policy I used is given below for reference.
{
  "Version": "2012-10-17",
  "Id": "Policy1657799010112",
  "Statement": [
    {
      "Sid": "Stmt1657798687256",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
      ]
    },
    {
      "Sid": "DenyPutObjectOutsideAllowedKeys",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "NotResource": [
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 1/Latest/Start*.gz",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 2/Latest/Unit/TrendedDetails-Unit*.xlsx",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/0*.xlsx",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 3/Latest/1*.xlsx",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 4/Latest/Start*.gz",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 5/Latest/Start*.gz",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/TY/Start*.xlsx",
        "arn:aws:s3:::testbucketforuploadlimitation/Retailer 6/Latest/YA/Start*.xlsx"
      ]
    }
  ]
}
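The check below is an added example, not part of either answer: a simplified offline model of how the Resource/NotResource patterns in the policy above decide s3:PutObject for a given key, including the zero-byte key ending in / that the console writes for "Create folder". It assumes this bucket policy is the only policy in play, uses a subset of the patterns, and the sample keys and function names are constructed for illustration.

```python
import re

BUCKET = "testbucketforuploadlimitation"  # bucket name from the policy above

# Subset of the key patterns listed under Resource / NotResource.
ALLOWED_PATTERNS = [
    "Retailer 1/Latest/Start*.gz",
    "Retailer 2/Latest/Dollar/TrendedDetails-Dollar*.xlsx",
    "Retailer 3/Latest/0*.xlsx",
]

def arn_pattern_to_regex(pattern):
    """IAM resource wildcards: '*' is any run of characters (including '/'),
    '?' is exactly one character; everything else is literal and case-sensitive."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("".join(parts), re.DOTALL)

ALLOWED_REGEXES = [
    arn_pattern_to_regex(f"arn:aws:s3:::{BUCKET}/{p}") for p in ALLOWED_PATTERNS
]

def put_object_decision(key):
    """Return 'Allow' or 'Deny' for s3:PutObject on `key` under the two statements."""
    arn = f"arn:aws:s3:::{BUCKET}/{key}"
    in_list = any(rx.fullmatch(arn) for rx in ALLOWED_REGEXES)
    # Allow covers ARNs in the list; Deny + NotResource covers every other ARN,
    # and an explicit Deny cannot be overridden by an Allow elsewhere.
    return "Allow" if in_list else "Deny"

# Constructed sample keys.
SAMPLE_KEYS = [
    "Retailer 1/Latest/Start_2022-07.gz",          # intended upload
    "Retailer 1/Latest/NewFolder/",                # console "Create folder" marker
    "Retailer 1/Latest/report.csv",                # wrong file name and type
    "Retailer 3/Latest/2022.xlsx",                 # does not start with 0
    "Retailer 1/Latest/Start/nested/dir/file.gz",  # '*' spans '/' characters
]

def evaluate_samples():
    """Map each sample key to the decision the policy would give it."""
    return {key: put_object_decision(key) for key in SAMPLE_KEYS}

if __name__ == "__main__":
    for key, decision in evaluate_samples().items():
        print(f"{decision:5}  {key}")
```

The last sample is allowed because `*` also matches `/`, so a key that fits a pattern can still contain extra slashes and appear in the console as nested folders; the policy blocks the folder marker object, not prefixes as such.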