Using the AWS Console, you can create an IAM user and attach one of several AWS managed S3 policies to it. Those policies are, however, too broad: they grant access to every bucket in the account. In most cases you need to grant read/write access to a single bucket, and for that you create a custom policy. Depending on whether the IAM user is set up for programmatic access or console access, the policy differs slightly.

Programmatic Access

The above policy allows List, Put, Get, and Delete rights on myTestBucket and nothing else. It can be attached to any user that needs programmatic (access key) access.

Console Access

Notice that the above policy grants two additional rights account-wide rather than on the bucket alone. The console needs them to display the list of buckets. The user will be able to see the names of all buckets in the account, but will only be allowed to do anything useful (List, Get, Put, Delete) on myTestBucket.
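As an added example serving both the programmatic and the console cases above (this is not the post's own policy JSON, which is not quoted on the page), the following Python builds the two policy documents for one bucket and includes a small review check that flags anything wider than that bucket. The bucket name, the Sids, the exact action names and the "full access" stand-in policy are assumptions. One caveat the check enforces: s3:ListBucket has to be granted on the bucket ARN itself, while the object actions have to be granted on bucket/*; putting all four on one resource is the usual reason such a policy fails.

```python
import json

# Added example, not the post's own policy text. The bucket name, Sids and the
# exact action set are assumptions; the post lists List/Put/Get/Delete rights
# without quoting its JSON, so these documents grant only those.

BUCKET_ACTIONS = ["s3:ListBucket"]  # applies to the bucket ARN itself
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]  # bucket/* only
# Account-wide rights the console needs to draw the bucket list (Resource "*").
CONSOLE_ACTIONS = ["s3:ListAllMyBuckets", "s3:GetBucketLocation"]


def bucket_arn(bucket):
    return f"arn:aws:s3:::{bucket}"


def programmatic_policy(bucket):
    """Policy for a user with access keys: nothing outside the one bucket.
    ListBucket goes on the bucket ARN, the object actions on bucket/*."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListOneBucket", "Effect": "Allow",
             "Action": list(BUCKET_ACTIONS), "Resource": bucket_arn(bucket)},
            {"Sid": "ObjectsInOneBucket", "Effect": "Allow",
             "Action": list(OBJECT_ACTIONS), "Resource": bucket_arn(bucket) + "/*"},
        ],
    }


def console_policy(bucket):
    """Same as above plus the two account-wide listing rights the console needs."""
    policy = programmatic_policy(bucket)
    policy["Statement"].insert(0, {
        "Sid": "ConsoleBucketListing", "Effect": "Allow",
        "Action": list(CONSOLE_ACTIONS), "Resource": "*"})
    return policy


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_scoped_to_bucket(policy, bucket):
    """Review check: every Allow statement either grants only the console
    listing actions, or grants only the bucket/object actions on resources
    inside `bucket`. A wildcard action (s3:*) or Resource "*" on a data action
    fails, which is exactly what makes the AWS managed policies too broad."""
    in_bucket = {bucket_arn(bucket), bucket_arn(bucket) + "/*"}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        actions = _as_list(stmt["Action"])
        resources = _as_list(stmt["Resource"])
        if all(a in CONSOLE_ACTIONS for a in actions):
            continue
        if not all(a in BUCKET_ACTIONS + OBJECT_ACTIONS for a in actions):
            return False
        if not all(r in in_bucket for r in resources):
            return False
    return True


# Constructed stand-in for a managed "full access" style policy: s3:* on everything.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}


def policy_json(policy):
    """Serialise for `aws iam create-policy --policy-document file://...`."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(policy_json(console_policy("myTestBucket")))
    print("scoped:", is_scoped_to_bucket(console_policy("myTestBucket"), "myTestBucket"))
    print("managed-style broad:", is_scoped_to_bucket(BROAD_POLICY, "myTestBucket"))
```

Write the output of `policy_json` to a file and attach it with `aws iam create-policy --policy-name <name> --policy-document file://policy.json` followed by `aws iam attach-user-policy`. Running `is_scoped_to_bucket` over a policy before attaching it catches the two common regressions: a Resource of "*" on a data action, and an object action granted on the bucket ARN instead of bucket/*.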


1 Comment on "IAM Policy to Grant Access on a Single S3 Bucket"


Thanks! I’ve been lazy and using AWS full access policy for apps.
