
I understand that in AWS we can control access to an AWS S3 bucket as well as to contained folders for each user by using the username variable in the bucket IAM policy. I followed this blog: Writing IAM Policies: Grant Access to User-Specific Folders in an Amazon S3 Bucket

The question is that I do not see how this can be possible also for groups. Because I want to create folders for groups rather than folders for users. According to this IAM Policy Elements: Variables and Tags I understand that there is NO variable group that I can use in the policy.

Any idea? thanks

toto'

1 Answer

I don't think this would be possible because an IAM User can be in multiple IAM Groups, so the name of the folder would not be predictable.

Instead, you would need to add a policy to each group that grants access to a specific bucket + path.

John Rotenstein
  • ok I think the same limitation applies if I leverage IAM Roles, right? I think your suggestion is the one, I am going to try it. thanks. – toto' Apr 11 '20 at 07:52
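The per-group policy suggested in the answer, as an added example that is not part of the original answer or of AWS's own documentation. It generates a least-privilege policy that confines one IAM group to its own prefix in a shared bucket (the bucket name `shared-data` and group name `analytics` are made up), and includes a small local matcher that approximates how the object-level statement would be evaluated, so you can see which keys the group can and cannot reach before attaching anything.

```python
"""Per-group S3 "folder" policy, as suggested in the answer above.

Example code written for this thread, not AWS's own code. Bucket and group
names are constructed for illustration. The prefix is hard-coded per group
because IAM has no ${aws:groupname}-style variable, so one such policy is
attached to each group.
"""
import json
from fnmatch import fnmatchcase


def group_folder_policy(bucket: str, group: str) -> dict:
    """Return an IAM policy document that allows the group to list and
    read/write only objects under <group>/ in the given bucket."""
    prefix = f"{group}/"  # trailing slash keeps "analytics" from matching "analytics-old"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                # ListBucket is a bucket-level action, so the folder restriction
                # has to come from the s3:prefix condition, not from the Resource.
                "Sid": "ListOwnFolderOnly",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}},
            },
            {
                # Object-level actions are scoped by the object ARN itself.
                "Sid": "ReadWriteOwnFolder",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def object_allowed(policy: dict, bucket: str, key: str, action: str) -> bool:
    """Local approximation of IAM evaluation for object actions: allowed when
    some Allow statement names the action and its Resource pattern matches the
    object ARN. Only '*' wildcards are considered; no Deny handling, no
    conditions, because this policy's object statement uses neither."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    for statement in policy["Statement"]:
        if statement["Effect"] != "Allow":
            continue
        if action not in _as_list(statement["Action"]):
            continue
        if any(fnmatchcase(arn, pattern) for pattern in _as_list(statement["Resource"])):
            return True
    return False


def policy_json(bucket: str, group: str) -> str:
    """Serialized document, ready to be attached as an inline group policy."""
    return json.dumps(group_folder_policy(bucket, group), indent=2)


if __name__ == "__main__":
    bucket, group = "shared-data", "analytics"  # constructed sample names
    print(policy_json(bucket, group))
    pol = group_folder_policy(bucket, group)
    for key in ["analytics/report.csv", "finance/ledger.csv", "analytics-old/x.csv"]:
        print(f"{key:28} GetObject -> {object_allowed(pol, bucket, key, 's3:GetObject')}")
```

Attach the generated document to the group with `aws iam put-group-policy --group-name analytics --policy-name analytics-folder --policy-document file://policy.json`, and repeat per group. The checker is deliberately narrow: it only models the object statement, so a real-world review should still be done with the IAM policy simulator, which also accounts for Deny statements and the `s3:prefix` condition on listing.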