@dreamorosi
Created July 10, 2019 10:05
IAM policy that gives programmatic access to list and perform actions on a specific sub folder inside an S3 bucket. Optional statements can also add programmatic listing of the bucket root and Console access.
{
  "Sid": "AllowListingOfBucketRoot",
  "Effect": "Allow",
  "Action": [
    "s3:ListBucket"
  ],
  "Resource": [
    "arn:aws:s3:::{{BUCKET_NAME}}"
  ],
  "Condition": {
    "StringLike": {
      "s3:prefix": [
        "", "{{SUB_FOLDER_NAME}}/*"
      ]
    }
  }
}

{
  "Sid": "AllowUserToSeeBucketListInTheConsole",
  "Action": [
    "s3:ListAllMyBuckets",
    "s3:GetBucketLocation"
  ],
  "Effect": "Allow",
  "Resource": [
    "arn:aws:s3:::*"
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowListingOfSubFolder",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::{{BUCKET_NAME}}"
      ],
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "{{SUB_FOLDER_NAME}}/*"
          ]
        }
      }
    },
    {
      "Sid": "AllowSomeActionsInSubFolder",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::{{BUCKET_NAME}}/{{SUB_FOLDER_NAME}}/*"
      ]
    }
  ]
}
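
Added example (not part of the gist): a simplified Python model of how the main policy's statements are matched, showing that `s3:ListBucket` is scoped by the `s3:prefix` condition while the object actions are scoped by the resource ARN, and that `*` in a condition value is a wildcard only under `StringLike`. The bucket and folder names are constructed placeholders, and the evaluator handles only Allow statements, exact action names and these two operators; it is an assumption-laden model, not AWS's evaluation engine.

```python
import re

BUCKET, FOLDER = "example-bucket", "reports"  # constructed placeholders
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"

def like(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.S) is not None

OPERATORS = {
    "StringEquals": lambda p, v: p == v,  # '*' is an ordinary character here
    "StringLike": like,
}

def make_policy(operator):
    """The gist's main policy, with the s3:prefix operator as a parameter."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AllowListingOfSubFolder", "Effect": "Allow",
         "Action": ["s3:ListBucket"], "Resource": [BUCKET_ARN],
         "Condition": {operator: {"s3:prefix": [f"{FOLDER}/*"]}}},
        {"Sid": "AllowSomeActionsInSubFolder", "Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
         "Resource": [f"{BUCKET_ARN}/{FOLDER}/*"]},
    ]}

def statement_allows(stmt, action, resource, context):
    if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
        return False
    if not any(like(r, resource) for r in stmt["Resource"]):
        return False
    for op, keys in stmt.get("Condition", {}).items():
        for key, patterns in keys.items():
            value = context.get(key)  # a missing key never satisfies the test
            if value is None or not any(OPERATORS[op](p, value) for p in patterns):
                return False
    return True

def allowed(policy, action, resource, context=None):
    """True if any statement allows the request (no Deny handling: assumption)."""
    return any(statement_allows(s, action, resource, context or {})
               for s in policy["Statement"])

if __name__ == "__main__":
    policy = make_policy("StringLike")
    for prefix in ("reports/2019/", "", "other/"):
        print(repr(prefix), allowed(policy, "s3:ListBucket", BUCKET_ARN, {"s3:prefix": prefix}))
    print(allowed(policy, "s3:GetObject", f"{BUCKET_ARN}/other/a.csv"))
```

With the main policy alone, a listing with an empty prefix is refused in this model; that is the request the optional `AllowListingOfBucketRoot` statement covers.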