ilyesAj · November 15, 2022 16:51 · ilyesAj · Aug 24, 2022
diff --git a/s3-policy-appender.sh b/s3-policy-appender.sh
 #!/bin/bash
 # this script will allow you to append policy within a bucket 
 # you need to install jq awscli to use this script
 [ $# != 1 ] && { echo "Usage: $0 \"bucket_name\""; exit 1; }

 bucket="$1"

 json_to_add="{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::ACCOUNT-B:user/s3-cross-account\"},\"Action\":[\"s3:ListBucket\",\"s3:GetObject\"],\"Resource\":[\"arn:aws:s3:::${bucket}\",\"arn:aws:s3:::${bucket}/*\"]}"
 # get bucket policy
 aws s3api get-bucket-policy --bucket ${bucket} --query Policy --output text > policy-${bucket}.json

 # append on json file
 jq '.Statement[1] |= . + '"${json_to_add}"'' policy-${bucket}.json > policytopush-${bucket}.json
 #jq '.Statement[.Statement| length] |= . + '"$json_to_add"'' policy.json

 aws s3api put-bucket-policy --bucket ${bucket} --policy file://policytopush-${bucket}.json
	#!/bin/bash
	# this script will allow you to append policy within a bucket
	# you need to install jq awscli to use this script
	[ $# != 1 ] && { echo "Usage: $0 \"bucket_name\""; exit 1; }

	bucket="$1"

	json_to_add="{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::ACCOUNT-B:user/s3-cross-account\"},\"Action\":[\"s3:ListBucket\",\"s3:GetObject\"],\"Resource\":[\"arn:aws:s3:::${bucket}\",\"arn:aws:s3:::${bucket}/*\"]}"
	# get bucket policy
	aws s3api get-bucket-policy --bucket ${bucket} --query Policy --output text > policy-${bucket}.json

	# append on json file
	jq '.Statement[1] \|= . + '"${json_to_add}"'' policy-${bucket}.json > policytopush-${bucket}.json
	#jq '.Statement[.Statement\| length] \|= . + '"$json_to_add"'' policy.json

	aws s3api put-bucket-policy --bucket ${bucket} --policy file://policytopush-${bucket}.json