Wednesday, April 2, 2014

AWS: IAM policy for renaming S3 objects

Here is the minimal list of permissions needed to access, create, delete and rename S3 objects within a particular S3 bucket:

{
  "Version" : "2012-10-17",
  "Statement" : [{
      "Sid" : "Stmt1000000000001",
      "Effect" : "Allow",
      "Action" : [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource" : [
        "arn:aws:s3:::bucket-name"
      ]
    }, {
      "Sid" : "Stmt1000000000002",
      "Effect" : "Allow",
      "Action" : [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:PutObjectAcl",
        "s3:GetObjectAcl"
      ],
      "Resource" : [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ]
    }
  ]
}

Do not forget to replace bucket-name with the actual name of your bucket and to change the Sid values for your policies. Feel free to apply this policy to whichever group/user/bucket needs it :)
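The following check is an added example, not code from the original post. It uses a simplified model of policy evaluation (Allow statements only, wildcard matching, no Deny, Condition or principal handling) to confirm that the policy above covers a rename, which S3 performs as a copy followed by a delete, and to show which Resource entry grants nothing. The function names and the "Object"-in-name heuristic are assumptions made for this example.

```python
import json
from fnmatch import fnmatchcase

# The policy from this page (Sid fields omitted, placeholder bucket name kept).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
   "Resource": ["arn:aws:s3:::bucket-name"]},
  {"Effect": "Allow",
   "Action": ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion",
              "s3:DeleteObject", "s3:DeleteObjectVersion",
              "s3:PutObjectAcl", "s3:GetObjectAcl"],
   "Resource": ["arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*"]}
]}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def allowed(policy, action, arn):
    """Simplified check: does any Allow statement match action and ARN?
    Ignores Deny, Condition, NotAction/NotResource and principals."""
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if any(fnmatchcase(action, a) for a in as_list(st["Action"])) and \
           any(fnmatchcase(arn, r) for r in as_list(st["Resource"])):
            return True
    return False

def missing_for_rename(policy, bucket, src_key, dst_key):
    """S3 has no rename call: it is a copy to the new key, then a delete."""
    src, dst = (f"arn:aws:s3:::{bucket}/{k}" for k in (src_key, dst_key))
    needed = [("s3:GetObject", src),     # read the copy source
              ("s3:PutObject", dst),     # write the copy destination
              ("s3:DeleteObject", src)]  # remove the old key
    return [(a, r) for a, r in needed if not allowed(policy, a, r)]

def unused_resources(policy):
    """Object-level actions match only object ARNs (bucket/key), so a bare
    bucket ARN listed beside them grants nothing (name-based heuristic)."""
    out = []
    for st in as_list(policy["Statement"]):
        if all("Object" in a for a in as_list(st["Action"])):
            out += [r for r in as_list(st["Resource"]) if "/" not in r.split(":::")[-1]]
    return out
```

An empty list from `missing_for_rename` means the three rename permissions are present; `unused_resources` reports the bare bucket ARN in the second statement, which can be dropped without changing what the policy allows.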
