IT in Education

Giving users access to individual buckets

You might need many users to have their own individual buckets. This article describes a method to streamline this implementation.


namedAccess

Start by creating a policy called namedAccess that will allow the required individual access.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowFullAccessToNamedBucket",
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": [
            "arn:aws:s3:::myschool-${aws:username}",
            "arn:aws:s3:::myschool-${aws:username}/*"
          ]
        }
      ]
    }

Groups and Users

To complete this task you will need to do the following:

  1. Create a user group called staff and allocate the namedAccess policy to the group.
  2. Create some users, and make them members of the staff group.

Buckets

Now you can create any number of buckets called myschool-username, one for each of the users previously created. Because ${aws:username} in the policy resolves to the name of the IAM user making the request, this policy will give that user exclusive access to the bucket in their name.
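
The following is an added example, not part of the original article: a small offline Python check that resolves ${aws:username} in the namedAccess policy for a given user, tests which ARNs the resolved policy covers, and flags usernames whose matching bucket name S3 would reject. The usernames and object key are constructed, the bucket-name rule is a simplified form of the S3 naming rules, and the code assumes the variable resolves to the IAM user name exactly as written.

```python
import json
import re

# The namedAccess policy from the article, unchanged.
NAMED_ACCESS = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "AllowFullAccessToNamedBucket",
 "Effect": "Allow", "Action": "s3:*", "Resource": [
   "arn:aws:s3:::myschool-${aws:username}",
   "arn:aws:s3:::myschool-${aws:username}/*"]}]}
""")

# Simplified S3 bucket naming rule: 3-63 characters, lowercase letters, digits,
# dots and hyphens, starting and ending with a letter or digit.
BUCKET_NAME = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def resolve_resources(policy, username):
    """Substitute ${aws:username} in every Allow statement's resources."""
    out = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Allow":
            out += [r.replace("${aws:username}", username) for r in stmt["Resource"]]
    return out


def arn_matches(pattern, arn):
    """Wildcard match: '*' is any run of characters, '?' is one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, arn, flags=re.DOTALL) is not None


def is_allowed(policy, username, arn):
    """True if this policy alone grants `username` access to `arn`."""
    return any(arn_matches(p, arn) for p in resolve_resources(policy, username))


def bucket_for(username, prefix="myschool-"):
    """Bucket name the policy resolves to, or None if S3 would reject that name."""
    name = prefix + username
    return name if BUCKET_NAME.fullmatch(name) else None


if __name__ == "__main__":
    for user in ["alice", "bob", "J.Smith", "al"]:  # constructed usernames
        print(user, "->", bucket_for(user))
    print(is_allowed(NAMED_ACCESS, "alice", "arn:aws:s3:::myschool-alice/report.docx"))
    print(is_allowed(NAMED_ACCESS, "al", "arn:aws:s3:::myschool-alice/report.docx"))
```

A username containing uppercase letters or characters such as @ or _ resolves to a bucket name that cannot be created, so for this scheme the IAM usernames should stay within the bucket naming rules.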


Thanks for visiting,
Steven