How to change AWS S3 Bucket policies?

0 votes

I have created a bucket with cloudformation:

AWSTemplateFormatVersion: "2010-09-09"  # the only valid template format version
Parameters:
  BucketName:
    Type: String
    Description: "Name for the S3 Bucket"
    Default: "randomnameofbucket"
Resources:  # resources must be declared here, not under Parameters
  S3Bucket:
    Type: "AWS::S3::Bucket"
    Properties:
      AccessControl: "Private"
      BucketName: !Ref BucketName

The bucketPolicy I made is having issues. 

My agenda is:

  • A (UserA) can upload to S3
  • A (UserA) can NOT DELETE from S3
  • All users (in my environment, not public) can read from S3
  • All users (in my environment, not public) can delete from S3
Nov 16, 2018 in AWS by findingbugs
• 3,140 points
147 views

1 answer to this question.

0 votes

Here is the JSON file I used to work with the S3 Bucket policies.

{
"Version": "2012-10-17",
"Id": "PolicyId123",
"Statement": [
    {
        "Sid": "AllowAccess",
        "Effect": "Allow",
        "Principal":{"AWS":"arn:aws:iam::account-number-without-hyphens:user/user1"},
        "Action": [
            "s3:Get*",
            "s3:List*"
        ],
        "Resource": [
            "arn:aws:s3:::s3_bucket_name",
            "arn:aws:s3:::s3_bucket_name/*"
        ]
    },
    {
        "Sid": "StopDeletingObject",
        "Effect": "Deny",
        "Principal": {"AWS":"arn:aws:iam::account-number-without-hyphens:user/user1"},
        "Action": "s3:Delete*",
        "Resource": [
            "arn:aws:s3:::s3_bucket_name",
            "arn:aws:s3:::s3_bucket_name/*"
        ]
    },
    {
        "Sid": "Allow everyone to access bucket",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::account-number-without-hyphens:root"
        },
        "Action": [
            "s3:Get*",
            "s3:List*",
            "s3:Put*",
            "s3:Delete*"
        ],
        "Resource": [
            "arn:aws:s3:::s3_bucket_name",
            "arn:aws:s3:::s3_bucket_name/*"
        ]
    }
]
}
answered Nov 16, 2018 by Jino
• 5,520 points
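
An added example, not part of the answer above and not AWS code: a simplified evaluator run over the three statements of that policy, showing that the Deny on `s3:Delete*` for user1 overrides the account-wide Allow while other users in the account can still delete. The account ID, bucket name, the Sid `AllowAccount` and all function names are constructed; it models the bucket policy alone (IAM identity policies are not evaluated) and assumes an account root principal covers every user in that account.

```python
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"                      # constructed sample account ID
USER1 = f"arn:aws:iam::{ACCOUNT}:user/user1"
ROOT = f"arn:aws:iam::{ACCOUNT}:root"
RES = ["arn:aws:s3:::example-bucket",         # constructed bucket name
       "arn:aws:s3:::example-bucket/*"]

# Same three statements as the policy above, with valid Version/Effect values.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowAccess", "Effect": "Allow", "Principal": {"AWS": USER1},
         "Action": ["s3:Get*", "s3:List*"], "Resource": RES},
        {"Sid": "StopDeletingObject", "Effect": "Deny", "Principal": {"AWS": USER1},
         "Action": "s3:Delete*", "Resource": RES},
        {"Sid": "AllowAccount", "Effect": "Allow", "Principal": {"AWS": ROOT},
         "Action": ["s3:Get*", "s3:List*", "s3:Put*", "s3:Delete*"], "Resource": RES},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(stmt, caller_arn):
    for p in _as_list(stmt["Principal"]["AWS"]):
        if p == caller_arn:
            return True
        # Assumption: a root principal covers every identity in the same account.
        if p.endswith(":root") and caller_arn.split(":")[4] == p.split(":")[4]:
            return True
    return False

def _matches(stmt, caller_arn, action, resource):
    # Action names are compared case-insensitively, resource ARNs case-sensitively.
    return (_principal_matches(stmt, caller_arn)
            and any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))

def evaluate(policy, caller_arn, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    hits = [s["Effect"] for s in policy["Statement"]
            if _matches(s, caller_arn, action, resource)]
    if "Deny" in hits:
        return "ExplicitDeny"   # a matching Deny wins over any matching Allow
    return "Allow" if "Allow" in hits else "ImplicitDeny"

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    for who in (USER1, f"arn:aws:iam::{ACCOUNT}:user/user2"):
        for act in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject"):
            print(who.rsplit("/", 1)[1], act, evaluate(POLICY, who, act, obj))
```
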


© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.