6

I have a policy that allows access to 1 bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::MYBUCKETNAME"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::MYBUCKETNAME/*"
        }
    ]
}

I'm curious how I allow access to multiple buckets? I don't want to allow access to all buckets, however. Do I literally just double the 2 sub-sections of the "Statement" section?

Also the buckets I need to grant access to will have a pattern to their name, say something like this:

abc-xyz-client

Where client will always be something different. Is it easier to add some sort of wildcard access?

Corey

1 Answer

23

The Resource key's value can be an array of buckets.

e.g.

"Resource" : ["arn:aws:s3:::MYBUCKETNAME", "arn:aws:s3:::MYBUCKETNAME2"]

Rhythmic Fistman
  • 1
    Can we also have a wildcard to allow access to all buckets? – BlackBurn027 Aug 12 '17 at 10:38
  • 1
    Yep. [The following ARN uses * to indicate all Amazon S3 resources (all S3 buckets and objects in your account).](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) `arn:aws:s3:::*` – spkane May 04 '20 at 21:22
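
As an added example (not code from the question or the answers), the Python sketch below builds the question's two-statement policy with `Resource` as an array, once for an explicit bucket list and once for the `abc-xyz-*` name pattern, and uses a simplified matcher to show which ARNs each version covers. The bucket names `abc-xyz-acme`, `abc-xyz-globex` and `abc-xyz-initech` and all helper names are constructed for illustration; the matcher models only the `*` and `?` wildcards in `Resource`, not Deny statements, conditions or bucket policies.

```python
import json
import re

BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"]
OBJECT_ACTIONS = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]

def build_policy(bucket_names):
    """Build the question's two statements; entries are bucket names or patterns."""
    arns = [f"arn:aws:s3:::{name}" for name in bucket_names]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": BUCKET_ACTIONS, "Resource": arns},
            {"Effect": "Allow", "Action": OBJECT_ACTIONS,
             "Resource": [arn + "/*" for arn in arns]},
        ],
    }

def arn_matches(pattern, arn):
    """Wildcard match as used in Resource: '*' is any run of characters, '?' is one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, arn, flags=re.DOTALL) is not None

def is_allowed(policy, action, arn):
    """Simplified check: an Allow statement lists the action and matches the ARN."""
    # Assumption: Deny statements, conditions and bucket policies are not modelled.
    return any(
        stmt["Effect"] == "Allow"
        and action in stmt["Action"]
        and any(arn_matches(res, arn) for res in stmt["Resource"])
        for stmt in policy["Statement"]
    )

if __name__ == "__main__":
    # Constructed bucket names following the question's abc-xyz-client pattern.
    explicit = build_policy(["abc-xyz-acme", "abc-xyz-globex"])
    wildcard = build_policy(["abc-xyz-*"])
    print(json.dumps(wildcard, indent=4))
    for arn in ("arn:aws:s3:::abc-xyz-acme/report.csv",
                "arn:aws:s3:::abc-xyz-initech/report.csv"):
        print(arn, is_allowed(explicit, "s3:GetObject", arn),
              is_allowed(wildcard, "s3:GetObject", arn))
```

The pattern form also covers any bucket whose name starts with `abc-xyz-`, including ones created later, so the explicit array is the tighter grant when the set of clients is known.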