Amazon S3 putObject bucket policy

Question

I am trying to create a User who only has access to PutObject to an S3 bucket called "desking".

In IAM I have created a User, and applied this policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowPut",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::desking/*"
            ]
        }
    ]
}

However, when I go to "Simulate Policy", I get the error: implicitly denied (no matching statements found)

I have tried to add a policy to the actual "desking" bucket too:

{
    "Id": "Policy1447457038043",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1447457035535",
            "Action": [
                "s3:PutObject"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::desking/*",
            "Principal": "*"
        }
    ]
}

However, still the same error.

Do I need a policy on the Bucket AND on the User. Or should a policy on the User be enough?

score 1 · Accepted Answer · answered Nov 14 '15 at 00:09

1

So, turns out I was using the simulator wrong.

I needed to click on the Service List within the Simulator and add this to the ARN:

arn:aws:s3:::desking/*

Which now works. Only need the User policy, not both.

answered Nov 14 '15 at 00:09

kwh

111
2

Amazon S3 putObject bucket policy

1 Answers1