S3 Bucket - Precise Permissions

18 Nov 2013

Found a way to give precise permissions to prefixes underneath the main bucket. Create an IAM account, then assign this policy below. Now you can safety know that the IAM account will only be able to access items underneath the prefix development/, in the my_main_bucket.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
       "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::my_main_bucket"
      ],
      "Condition": {
        "StringLike": {
          "s3:prefix": "development/*"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::my_main_bucket/development/*"
      ],
      "Condition": {}
    }
  ]
}

Engineering in Time

S3 Bucket - Precise Permissions

Related Posts

Facebook's Mcrouter SSL Setup 02 Nov 2014

Cloudflare - free SSL 31 Oct 2014

Thank you Github pages and Cloudflare 22 Jun 2014