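#!/bin/bash
# Append a cross-account read statement (s3:ListBucket + s3:GetObject) to the
# existing policy of an S3 bucket.
#
# Usage:    <script> "bucket_name"
# Requires: jq and awscli, with credentials allowed to call
#           s3:GetBucketPolicy and s3:PutBucketPolicy on the bucket.
# Files:    writes policy-<bucket>.json (the policy as fetched, usable as a
#           rollback copy) and policytopush-<bucket>.json (the policy that is
#           pushed) into the current directory and leaves them there.
#
# Running the script twice appends the same statement twice; check the fetched
# policy first if that matters.

# Stop on the first failure so a failed fetch or a jq error can never lead to
# an empty or partial policy being pushed over the live one.
set -euo pipefail

[ "$#" -ne 1 ] && { echo "Usage: $0 \"bucket_name\""; exit 1; }
bucket="$1"

# The name ends up in file paths and in ARNs, so accept only the S3 naming
# alphabet (3-63 chars: lowercase letters, digits, dots, hyphens).
if [[ ! "$bucket" =~ ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ ]]; then
  printf 'Invalid bucket name: %s\n' "$bucket" >&2
  exit 1
fi

# ACCOUNT-B is a placeholder: replace it with the 12-digit ID of the account
# that should get read access before running the script.
readonly principal_arn="arn:aws:iam::ACCOUNT-B:user/s3-cross-account"
readonly current_policy="policy-${bucket}.json"
readonly new_policy="policytopush-${bucket}.json"

# Build the statement with jq so every value is JSON-escaped instead of being
# spliced into a hand-written JSON string.
json_to_add=$(jq -cn \
  --arg principal "$principal_arn" \
  --arg bucket "$bucket" \
  '{
    Effect: "Allow",
    Principal: {AWS: $principal},
    Action: ["s3:ListBucket", "s3:GetObject"],
    Resource: ["arn:aws:s3:::\($bucket)", "arn:aws:s3:::\($bucket)/*"]
  }')

# get bucket policy
aws s3api get-bucket-policy --bucket "$bucket" --query Policy --output text \
  > "$current_policy"

# Append the statement at the end of .Statement. Writing to a fixed index such
# as .Statement[1] would merge the new keys into whatever statement already
# sits there and silently replace its Effect/Principal/Action/Resource.
# A policy may carry a single statement object instead of an array; wrap it.
jq --argjson stmt "$json_to_add" '
  .Statement |= (
    (if type == "array" then .
     elif type == "object" then [.]
     else error("policy has no usable Statement element")
     end) + [$stmt]
  )
' "$current_policy" > "$new_policy"

aws s3api put-bucket-policy --bucket "$bucket" --policy "file://${new_policy}"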
full implementation of this code here