We create S3 Bucket, we make it not public, we don’t change anything in the access rights. Immediately find the ARN created baketa.
Create a user, on the “Permisson” tab, go to “Attach existing policies directly” and find “AmazonS3ReadOnlyAccess“. Let’s see the created user ARN.
We return to the settings of S3 Bucket already created and go to “Permisson“, create a “Bucket Policy” with the following contents:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/artem-mys3bucket"
},
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": "arn:aws:s3:::artem-mys3bucket/*"
}
]
}
Do not forget to replace the ARN with your own.