AWS — S3 Bucket Public with full access to user

• Пользователь: artem-s3-user
• S3 корзина: artem-s3-bucket

Создаем S3 Bucket, права пока не задаем, просто запоминаем название бакета. Переходим в IAM и создаем пользователя, и добавляем ему роль со следующим содержимым:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::arn:aws:s3:::artem-s3-bucket/*"
        },
        {
            "Sid": "2",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::/arn:aws:s3:::artem-s3-bucket/*"
        },
        {
            "Sid": "3",
            "Effect": "Allow",
            "Action": [
                "s3:PutAccountPublicAccessBlock",
                "s3:GetAccountPublicAccessBlock",
                "s3:ListAllMyBuckets",
                "s3:HeadBucket"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor3",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::artem-s3-bucket/*",
                "arn:aws:s3:::artem-s3-bucket"
            ]
        }
    ]
}

S3 Bucket Policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::XXXXXXXXXXXX:user/artem-s3-user"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::artem-s3-bucket/*"
        },
        {
            "Sid": "2",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::artem-s3-bucket/*"
        }
    ]
}

XXXXXXXXXXXX — ID вашей учетной записи AWS

Метки: Метки AWS Policy S3