How to change AWS S3 Bucket policies?

0 votes

I have created a bucket with CloudFormation:

AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  BucketName:
    Type: String
    Description: "Name for the S3 Bucket"
    Default: "randomnameofbucket"
Resources:
  # The bucket itself; its name comes from the BucketName parameter
  S3Bucket:
    Type: "AWS::S3::Bucket"
    Properties:
      AccessControl: "Private"
      BucketName: !Ref BucketName

The bucketPolicy I made is having issues.

My agenda is:

  • A (UserA) can upload to S3
  • A (UserA) can NOT DELETE from S3
  • All users (in my environment, not public) can read from S3
  • All users (in my environment, not public) can delete from S3

Nov 16, 2018 in AWS by findingbugs
• 3,140 points
278 views

1 answer to this question.

0 votes

Here is the JSON file I used to work with the S3 Bucket policies.

{
    "Version": "2012-10-17",
    "Id": "PolicyId123",
    "Statement": [
        {
            "Sid": "AllowAccess",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::account-number-without-hyphens:user/user1"},
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::s3_bucket_name",
                "arn:aws:s3:::s3_bucket_name/*"
            ]
        },
        {
            "Sid": "StopDeletingObject",
            "Effect": "Deny",
            "Principal": {"AWS": "arn:aws:iam::account-number-without-hyphens:user/user1"},
            "Action": "s3:Delete*",
            "Resource": [
                "arn:aws:s3:::s3_bucket_name",
                "arn:aws:s3:::s3_bucket_name/*"
            ]
        },
        {
            "Sid": "Allow everyone to access bucket",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::account-number-without-hyphens:root"
            },
            "Action": [
                "s3:Get*",
                "s3:List*",
                "s3:Put*",
                "s3:Delete*"
            ],
            "Resource": [
                "arn:aws:s3:::s3_bucket_name",
                "arn:aws:s3:::s3_bucket_name/*"
            ]
        }
    ]
}
answered Nov 16, 2018 by Jino
• 5,560 points
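
The following is an added example, not part of the original question or answer: a small offline model of how the statements in a bucket policy combine (explicit Deny beats Allow, no match is an implicit deny), run against a policy written for the four requirements in the question. The account ID, user ARNs, bucket name and Sids are constructed placeholders, and the model looks at the bucket policy only, while real S3 authorization also takes identity-based policies into account.

```python
from fnmatch import fnmatchcase

# Constructed placeholders: account id, user ARNs and bucket name are not from the page.
USER_A = "arn:aws:iam::111122223333:user/UserA"
ROOT = "arn:aws:iam::111122223333:root"
BUCKET = "arn:aws:s3:::example-bucket"
RES = [BUCKET, BUCKET + "/*"]

POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AccountReadDelete", "Effect": "Allow", "Principal": {"AWS": ROOT},
         "Action": ["s3:Get*", "s3:List*", "s3:Delete*"], "Resource": RES},
        {"Sid": "UserAUpload", "Effect": "Allow", "Principal": {"AWS": USER_A},
         "Action": "s3:PutObject", "Resource": BUCKET + "/*"},
        {"Sid": "UserANoDelete", "Effect": "Deny", "Principal": {"AWS": USER_A},
         "Action": "s3:Delete*", "Resource": RES},
    ],
}

def as_list(v):
    return v if isinstance(v, list) else [v]

def lint(policy):
    """Return problems with values that are not valid policy-language values."""
    problems = []
    if policy.get("Version") not in ("2012-10-17", "2008-10-17"):
        problems.append("Version must be 2012-10-17 or 2008-10-17")
    for st in policy.get("Statement", []):
        if st.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"{st.get('Sid')}: Effect must be Allow or Deny")
    return problems

def principal_matches(stmt, caller):
    # Simplification: an account root principal covers every user in that account.
    return any(arn == caller or (arn.endswith(":root") and caller.startswith(arn[:-4]))
               for arn in as_list(stmt["Principal"]["AWS"]))

def decide(policy, caller, action, resource):
    """Explicit Deny beats Allow; no matching statement is an implicit deny."""
    allowed = False
    for st in policy["Statement"]:
        if (principal_matches(st, caller)
                and any(fnmatchcase(action, a) for a in as_list(st["Action"]))
                and any(fnmatchcase(resource, r) for r in as_list(st["Resource"]))):
            if st["Effect"] == "Deny":
                return "Deny"
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"
```

Because the Deny statement names UserA explicitly, it overrides the account-wide `s3:Delete*` Allow for that user only, and other users in the account keep the ability to delete.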
