Create an IAM user whose access is limited to specific resources.
Go to Users > Attach User Policy > Policy Generator on the web console.
ref:
https://console.aws.amazon.com/iam/home?#users
Allow Full Access to Certain Buckets
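Full access to a single bucket. Note that `s3:*` also covers bucket-level administration (for example `s3:DeleteBucket`, `s3:PutBucketPolicy` and `s3:PutBucketAcl`), so attach this only to a principal that is meant to own the bucket: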
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::files.albedo.one",
"arn:aws:s3:::files.albedo.one/*"
]
}
]
}
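For BackWPup, a WordPress plugin. This policy is broader than a backup job needs: `s3:ListBucket` on `arn:aws:s3:::*` lets the plugin's credentials list object keys in every bucket in the account, and `s3:Put*` includes `s3:PutBucketPolicy`, `s3:PutBucketAcl` and `s3:PutObjectAcl`. Because the plugin's credentials are stored in WordPress, consider narrowing the first statement to the two buckets and replacing the wildcards with the specific actions the plugin uses: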
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": "arn:aws:s3:::*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": ["s3:CreateBucket", "s3:DeleteObject"],
"Resource": [
"arn:aws:s3:::files.vinta.ws",
"arn:aws:s3:::files.vinta.ws/*",
"arn:aws:s3:::vinta-ws-backup",
"arn:aws:s3:::vinta-ws-backup/*"
]
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": ["s3:Get*", "s3:List*", "s3:Put*"],
"Resource": [
"arn:aws:s3:::files.vinta.ws",
"arn:aws:s3:::files.vinta.ws/*",
"arn:aws:s3:::vinta-ws-backup",
"arn:aws:s3:::vinta-ws-backup/*"
]
}
]
}
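Only Allow Get/Put Objects
Note: the resource `arn:aws:s3:::metadata.vinta.ws*` has no `/` before the wildcard, so it also matches any bucket whose name starts with `metadata.vinta.ws`; use `arn:aws:s3:::metadata.vinta.ws/*` to limit it to objects in that one bucket. The first statement additionally allows listing the contents of every bucket, not just this one.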
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket", "s3:ListAllMyBuckets"],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:PutObject"],
"Resource": ["arn:aws:s3:::metadata.vinta.ws*"]
}
]
}
S3 Storage Lens
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:GetStorageLensConfiguration",
"s3:GetStorageLensDashboard"
],
"Resource": "arn:aws:s3:*:*:storage-lens/*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:ListStorageLensConfigurations",
"Resource": "*"
}
]
}