I want to restrict aws s3 bucket to not get access from anywhere, I want block all access public, private, bucket, folder, file everything of that bucket after that then i want to create an access point of s3 then I want to give permission to an IAM user so that only that IAM user can perform all action but only that IAM user now I am not sure what exactly I also enable or disable like public access or something also, i don't know I have to give a policy to the bucket or access point
Asked
Active
Viewed 204 times
1 Answers
2
I want to restrict aws s3 bucket to not get access from anywhere, I want block all access public, private, bucket, folder, file everything of that bucket
Use this policy to restrict all access:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyAll",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket/*"
}
]
}
then i want to create an access point of s3 then I want to give permission to an IAM user so that only that IAM user can perform all action but only that IAM user
Use this policy to restrict all access except for one IAM user:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyAllExceptRole",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket/*",
"Condition": {
"StringNotEquals": {
"aws:PrincipalArn": "IAM-ROLE-ARN"
}
}
},
{
"Sid": "AllowRole",
"Effect": "Allow",
"Principal": "IAM-ROLE-ARN",
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket/*"
}
]
}
Brian
- 1,056
- 9
- 15
-
one question, we are not giving any permission to that IAM user i mean only s3 bucket policy will enough to access s3 from that user or i also have to create one allow policy to that IAM user and attach ? – shrijay Dec 29 '22 at 13:26
-
Only s3 policy will be enough if the user and the role are in the same account. – Brian Dec 29 '22 at 15:56
-
i am trying but showing i dont have enough reputation – shrijay Dec 29 '22 at 16:28
-
If that's a different issue you can resolve this one and ask a new question. – Brian Dec 29 '22 at 16:39