Can't add multiple bucket policies to S3 bucket

Time:11-01

I'm unable to add a domain-level privacy bucket policy together with the Zencoder bucket policy. They work when I add one at a time, but when I try to implement both it doesn't work. I'm just looking for a solution to implement both bucket policies in one bucket. I tried to add the condition from the domain-level privacy policy to Zencoder's bucket policy, but the domain-level privacy stops working. Here are the bucket policies I'm trying to add.

{
    "Version": "2012-10-17",
    "Id": "http referer policy example",
    "Statement": [
        {
            "Sid": "Allow get requests originating from www.example.com and example.com.",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::newbbbb/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": "https://www.vlogmo.com/*"
                }
            }
        }
    ]
}

{
    "Version": "2012-10-17",
    "Id": "ZencoderBucketPolicy",
    "Statement": [
        {
            "Sid": "Stmt1295042087538",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::395540211253:root"
            },
            "Action": [
                "s3:GetObjectAcl",
                "s3:GetObject",
                "s3:PutObjectAcl",
                "s3:PutObject",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": "arn:aws:s3:::MY-BUCKET/*"
        },
        {
            "Sid": "Stmt1295042087538",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::395540211253:root"
            },
            "Action": [
                "s3:ListBucketMultipartUploads",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::MY-BUCKET"
        }
    ]
}

CodePudding user response:

I'm just looking for a solution to implement both bucket policies in one bucket

You can't do this. A bucket can have only one policy. So you have to join your two policies into one by adding a new Statement:

{
    "Version": "2012-10-17",
    "Id": "ZencoderBucketPolicy",
    "Statement": [
        {
            "Sid": "Stmt1295042087538",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::395540211253:root"
            },
            "Action": [
                "s3:GetObjectAcl",
                "s3:GetObject",
                "s3:PutObjectAcl",
                "s3:PutObject",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": "arn:aws:s3:::MY-BUCKET/*"
        },
        {
            "Sid": "Stmt1295042087538",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::395540211253:root"
            },
            "Action": [
                "s3:ListBucketMultipartUploads",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::MY-BUCKET"
        },
        {
            "Sid": "Allow get requests originating from www.example.com and example.com.",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::newbbbb/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": "https://www.vlogmo.com/*"
                }
            }
        }
    ]
}
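An added example (not part of the original answer): a small Python helper that merges several policy documents into the single policy a bucket can hold. It renames repeated Sid values so each is unique and rejects any statement whose Resource names a different bucket, because a bucket policy may only reference the bucket it is attached to. The function name, bucket name, account ID and site below are constructed placeholders.

```python
import copy
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def merge_bucket_policies(bucket, policies, policy_id="MergedBucketPolicy"):
    """Return one policy document holding every statement from `policies`.

    Raises ValueError if a statement's Resource is outside `bucket`, and
    renames repeated Sids so each one is unique in the merged document.
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"
    statements, seen_sids = [], set()
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            stmt = copy.deepcopy(stmt)  # never mutate the caller's input
            for arn in _as_list(stmt["Resource"]):
                if arn != bucket_arn and not arn.startswith(bucket_arn + "/"):
                    raise ValueError(f"{arn} is not inside bucket {bucket!r}")
            sid = stmt.get("Sid")
            if sid is not None:
                unique, n = sid, 1
                while unique in seen_sids:  # append a counter until unused
                    n += 1
                    unique = f"{sid}{n}"
                seen_sids.add(unique)
                stmt["Sid"] = unique
            statements.append(stmt)
    return {"Version": "2012-10-17", "Id": policy_id, "Statement": statements}

# Constructed sample input: account ID, bucket and site names are placeholders.
TRANSCODER = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Stmt1", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "Stmt1", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["s3:GetBucketLocation"],
     "Resource": "arn:aws:s3:::example-bucket"}]}
REFERER = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowGetFromSite", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringLike": {"aws:Referer": "https://www.example.com/*"}}}]}

if __name__ == "__main__":
    merged = merge_bucket_policies("example-bucket", [TRANSCODER, REFERER])
    print(json.dumps(merged, indent=4))
```

The aws:Referer condition matches a header that the client sends, so it limits casual hotlinking rather than authenticating the requester.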