Jan 14, 2022

Allow AWS IAM Users Access to a Home S3 Bucket


Adjust the variable values according to your preference.

Policy Code

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::{{bucketName}}",
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "",
                        "home/",
                        "home/${aws:username}/*"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::{{bucketName}}/home/${aws:username}",
                "arn:aws:s3:::{{bucketName}}/home/${aws:username}/*"
            ]
        }
    ]
}

Replace {{bucketName}} with the name of the S3 bucket that holds a home directory for each user. Note that ${aws:username} is a dynamic IAM policy variable: it is substituted at evaluation time with the name of the IAM user making the request, so the second statement only lets a user list the bucket root, the home/ folder and their own home/<username>/ prefix, and the third statement only grants s3:* on objects under their own prefix. Because aws:username is only present for IAM users (not for assumed-role sessions), requests made through a role will not match the statements that depend on it.
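To check what this policy actually isolates before deploying it, the following added example (not from the original page) evaluates the policy offline against constructed request contexts. The bucket name, user names and the request-context layout are assumptions; the evaluator implements only the Allow, action/resource wildcard and StringLike semantics this policy uses.

```python
import re

BUCKET = "example-home-bucket"  # constructed placeholder for {{bucketName}}
ARN = "arn:aws:s3:::" + BUCKET

# The page's policy with {{bucketName}} substituted; ${aws:username} is left for resolution
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": ARN,
     "Condition": {"StringLike": {"s3:prefix": ["", "home/", "home/${aws:username}/*"]}}},
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": [ARN + "/home/${aws:username}", ARN + "/home/${aws:username}/*"]},
]}


def _glob(pattern, value):
    """IAM wildcard match: '*' matches any run of characters (including '/'), '?' one character."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None


def _resolve(text, ctx):
    """Substitute ${key} policy variables from the request context. Returns None when a key is
    absent (e.g. aws:username for an assumed-role session), which makes the pattern unmatchable."""
    for key in re.findall(r"\$\{([^}]+)\}", text):
        if key not in ctx:
            return None
        text = text.replace("${" + key + "}", ctx[key])
    return text


def _as_list(v):
    return v if isinstance(v, list) else [v]


def is_allowed(action, resource, ctx, policy=POLICY):
    """True if some Allow statement matches the request (this policy has no Deny statements).
    ctx is a constructed request context, e.g. {"aws:username": "alice", "s3:prefix": "home/alice/"}."""
    for st in policy["Statement"]:
        if not any(_glob(a, action) for a in _as_list(st["Action"])):
            continue
        resolved = [_resolve(r, ctx) for r in _as_list(st["Resource"])]
        if not any(r is not None and _glob(r, resource) for r in resolved):
            continue
        conditions = st.get("Condition", {}).get("StringLike", {})
        if all(key in ctx and any(p is not None and _glob(p, ctx[key])
                                  for p in (_resolve(x, ctx) for x in _as_list(pats)))
               for key, pats in conditions.items()):
            return True
    return False
```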
