Today I had to create a new user in our S3 account and give him all permissions on just one bucket.
As you can see in our S3 file-manager implementation ( https://github.com/Mashape/file-manager ), I use these two lines to load credentials from a properties file and to connect to the S3 bucket:

```java
// Connect with the credentials loaded from the properties file
s3Service = new RestS3Service(awsCredentials);
// Look up the configured bucket; this call needs s3:ListAllMyBuckets
bucket = s3Service.getBucket(properties.getProperty("s3.bucket"));
```
The second line throws an exception if you don’t give the s3:ListAllMyBuckets permission to that user. So the final policy I used is this:
```json
{
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket",
        "arn:aws:s3:::bucket/*"
      ]
    }
  ]
}
```
Obviously you can drop the `"Action": "s3:*"` part and put in just a list of the actions you want to allow.
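To check what this policy actually grants before attaching it, the sketch below evaluates sample requests against it. It is an added example, not code from the post or from AWS: a simplified model that handles only `Effect`, `Action` and `Resource` (no conditions, principals or `NotAction`), and `without_list_all` and the sample requests are constructed for illustration.

```python
import re

# The policy from the post, wrapped in its enclosing JSON object.
POLICY = {
    "Statement": [
        {"Action": ["s3:ListAllMyBuckets"], "Effect": "Allow",
         "Resource": "arn:aws:s3:::*"},
        {"Action": "s3:*", "Effect": "Allow",
         "Resource": ["arn:aws:s3:::bucket", "arn:aws:s3:::bucket/*"]},
    ]
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def evaluate(policy, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        action_hit = any(_matches(p, action, ignore_case=True)  # actions ignore case
                         for p in _as_list(stmt["Action"]))
        resource_hit = any(_matches(p, resource)                # ARNs do not
                           for p in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny always wins
            decision = "Allow"
    return decision

def without_list_all(policy):
    # Hypothetical helper: the same policy minus the ListAllMyBuckets statement.
    return {"Statement": [s for s in policy["Statement"]
                          if "s3:ListAllMyBuckets" not in _as_list(s["Action"])]}

if __name__ == "__main__":
    requests = [  # constructed sample requests
        ("s3:ListAllMyBuckets", "arn:aws:s3:::*"),
        ("s3:PutObject", "arn:aws:s3:::bucket/report.csv"),
        ("s3:GetObject", "arn:aws:s3:::other-bucket/report.csv"),
    ]
    for action, resource in requests:
        print(action, resource, evaluate(POLICY, action, resource),
              evaluate(without_list_all(POLICY), action, resource))
```

The second column of output shows why the first statement is needed: without it, the bucket-scoped `s3:*` statement does not cover the account-level listing request, so it falls through to an implicit deny.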