Caffeine, silicon and nimesulide

{ 'fullname' : "Michele Zonca", 'tags' : ['developer', 'mashaper', 'caffeinated', 'nerd']}

AWS IAM Policy: give access to one bucket

Today I had to create a new user in our S3 account and to give him all permissions to just one bucket.

As you can see in our S3 file-manager implementation (https://github.com/Mashape/file-manager), I use these two lines to load the credentials from a properties file and connect to the S3 bucket:

// JetS3t client built from the AWS credentials read from the properties file
s3Service = new RestS3Service(awsCredentials);
// look up the bucket named in the "s3.bucket" property
bucket = s3Service.getBucket(properties.getProperty("s3.bucket"));

The second line throws an exception if the user does not have the s3:ListAllMyBuckets permission. So the final policy I used is this (replace "bucket" with the real bucket name):

{
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket",
        "arn:aws:s3:::bucket/*"
      ]
    }
  ]
}

Obviously you can drop the "Action": "s3:*" part and put in just the list of actions you want to allow.
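To see what this policy actually grants before attaching it, here is a small evaluator I have added (it is not code from the post or from the file-manager project): it applies IAM's default-deny and explicit-Deny-wins rules with wildcard matching and checks the policy above against a few constructed requests. "bucket", "other" and the object keys are placeholder values, and Conditions, NotAction/NotResource and bucket policies are not modelled.

```python
import json
import re

# The post's policy, with "bucket" standing in for the real bucket name (constructed copy).
POLICY = json.loads("""
{"Statement": [
  {"Action": ["s3:ListAllMyBuckets"], "Effect": "Allow", "Resource": "arn:aws:s3:::*"},
  {"Action": "s3:*", "Effect": "Allow",
   "Resource": ["arn:aws:s3:::bucket", "arn:aws:s3:::bucket/*"]}
]}
""")

def _matches(pattern: str, value: str, ignore_case: bool = False) -> bool:
    """IAM wildcard match: '*' is any run of characters, '?' a single character."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified identity-policy evaluation: implicit deny unless an Allow matches,
    and an explicit Deny wins. Conditions, NotAction/NotResource and bucket
    policies are not modelled."""
    allowed = False
    for stmt in policy["Statement"]:
        # Action names are matched case-insensitively, resource ARNs case-sensitively.
        action_hit = any(_matches(a, action, True) for a in _as_list(stmt.get("Action", [])))
        resource_hit = any(_matches(r, resource) for r in _as_list(stmt.get("Resource", [])))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def report(policy: dict) -> dict:
    """Decisions for a few constructed requests; bucket names and keys are sample values."""
    cases = {
        "list all buckets": ("s3:ListAllMyBuckets", "arn:aws:s3:::*"),
        "get object in bucket": ("s3:GetObject", "arn:aws:s3:::bucket/photos/cat.jpg"),
        "get object in other bucket": ("s3:GetObject", "arn:aws:s3:::other/secret.txt"),
        "delete the bucket itself": ("s3:DeleteBucket", "arn:aws:s3:::bucket"),
    }
    return {name: is_allowed(policy, act, res) for name, (act, res) in cases.items()}

if __name__ == "__main__":
    for name, ok in report(POLICY).items():
        print(f"{name:28s} {'ALLOW' if ok else 'DENY'}")
```

Evaluating the same policy with the first statement removed shows s3:ListAllMyBuckets denied, which is the getBucket() failure from the post; the "delete the bucket itself" case shows why listing explicit actions instead of s3:* is worth the effort.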