Example policies to limit access to buckets

Here are some example policies that I use to create secure access to Wasabi storage.


Console access

This policy will allow a group to access buckets in the console.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowGroupToSeeBucketListInTheConsole",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketVersioning"
      ],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:Get*",
        "iam:List*",
        "iam:ChangePassword",
        "iam:UpdateLoginProfile",
        "iam:*MFA*",
        "sts:Get*"
      ],
      "Resource": "arn:aws:iam::${aws:accountid}:user/${aws:username}"
    }
  ]
}

 

Single bucket access

This policy will allow a user to access a bucket called bucketName.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAccessToBucketNamedBucket1",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:GetObjectAcl",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::bucketName",
        "arn:aws:s3:::bucketName/*"
      ]
    }
  ]
}
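A quick way to check that the single-bucket policy is scoped as intended before attaching it. This is an added example, not part of the original post; the evaluator is a simplified model (Allow statements only, with Deny, Condition, NotAction and NotResource ignored), and the helper names and probe ARNs are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# The single-bucket policy from this page, embedded so the check runs offline.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowAccessToBucketNamedBucket1",
    "Effect": "Allow",
    "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject",
               "s3:GetObjectAcl", "s3:PutObjectAcl"],
    "Resource": ["arn:aws:s3:::bucketName", "arn:aws:s3:::bucketName/*"]
  }]
}
""")

def as_list(value):
    # Policy fields may hold a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified check: does any Allow statement match this request?
    Assumption: Deny, Condition, NotAction and NotResource are ignored."""
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; resource ARNs are case-sensitive.
        action_ok = any(fnmatchcase(action.lower(), a.lower())
                        for a in as_list(stmt["Action"]))
        resource_ok = any(fnmatchcase(resource, r)
                          for r in as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

def scope_failures(policy, probes):
    """Return the probes whose result differs from the expected decision."""
    return [(a, r) for a, r, want in probes if is_allowed(policy, a, r) != want]

# Constructed probes: what the policy should and should not grant.
PROBES = [
    ("s3:ListBucket", "arn:aws:s3:::bucketName", True),
    ("s3:GetObject", "arn:aws:s3:::bucketName/report.csv", True),
    ("s3:DeleteObject", "arn:aws:s3:::bucketName/report.csv", False),
    ("s3:GetObject", "arn:aws:s3:::otherBucket/report.csv", False),
    ("s3:GetObject", "arn:aws:s3:::bucketName-archive/report.csv", False),
]

if __name__ == "__main__":
    print("unexpected decisions:", scope_failures(POLICY, PROBES))
```

The last probe is the one to watch: if the resource were written as `arn:aws:s3:::bucketName*` instead of the two separate ARNs, it would also match any other bucket whose name starts with `bucketName`.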

 

Thanks for visiting.