Home CloudAWS AWS: Grant IAM user access to S3 bucket that’s available in public

AWS: Grant IAM user access to S3 bucket that’s available in public

by Kliment Andreev
0 comment
Reading Time: < 1 minute

UPDATED: July-07-2019
I had a request to create a bucket that also acts as a static content web server and give access to an IAM user, so the user can upload/download/delete the file content.

In order to do that, first let’s create an IAM user from the Identity & Access Management menu. Store the credentials for this user somewhere, you’ll need to give these to the end user. Then edit the user and click on the Permissions tab. Create a new Inline policy.

Copy & paste and then validate.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:DeleteObject",
                "s3:Put*",
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket_name>",
                "arn:aws:s3:::<bucket_name>/*"
            ]
        }
    ]
}

Look at the policy and replace with your bucket name. Do not include the arrow brackets. Make sure you validate the policy and then apply it.

The next step is to create the S3 bucket. Make sure you use the same name as the name you specified in the above policy. Change whatever settings you want for logging, versioning, cross-legion replication etc… There is no need to enable the web hosting. The setting that matters is under the properties. Click on the Permissions and then Edit bucket policy. Copy & paste the policy.

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<bucket_name>/*"
        }
    ]
}

Replace the with the name of your S3 bucket and you are all set. You can test the access with S3 browser. Create a new account, add the access and secret keys and click Save. S3 will ask you if you want to add an external bucket. Just add and you should be OK.
NOTE: Make sure that your settings for public access are off otherwise you’ll get access denied when you create the bucket policy.

0 comment
0

Related Articles

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More