Create an IAM user that is allowed to access only specific resources.
Go to Users > Attach User Policy > Policy Generator on the web console.
ref:
https://console.aws.amazon.com/iam/home?#users
Example 1
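Allow full access to a certain bucket. Note that `s3:*` also covers bucket-level administration such as `s3:PutBucketPolicy` and `s3:DeleteBucket`, so use a narrower action list if the user only needs to read and write objects.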
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::files.albedo.one",
"arn:aws:s3:::files.albedo.one/*"
]
}
]
}
Example 2
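For BackWPup, a WordPress plugin. The first statement grants `s3:ListBucket` on all buckets (`arn:aws:s3:::*`), not just the backup bucket, and `s3:Put*` also matches bucket-configuration actions such as `s3:PutBucketPolicy`; narrow both if the plugin works without them: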
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::files.vinta.ws",
"arn:aws:s3:::files.vinta.ws/*"
]
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*",
"s3:Put*"
],
"Resource": [
"arn:aws:s3:::files.vinta.ws",
"arn:aws:s3:::files.vinta.ws/*"
]
}
]
}