
I am trying to allow one of our devs (myapp-dev1) access to one specific S3 bucket.

  1. I created a policy which should allow CRUD operations (he should be able to write and read image files into that bucket, and only into this one).

    "s3:PutObject",
    "s3:GetObject",
    "s3:DeleteObject",
    "s3:ListObjects"
    
  2. I created a user named dev1 and assigned that new policy to him (the user is not in a group and has no role).

  3. I created a bucket named accordingly, ARN: arn:aws:s3:::myapp-dev1-bucket
  4. Then, in this bucket, I switched to "Bucket Policy", used the "Policy Generator" and allowed every action for the moment. All other settings have failed so far, and this one too. It looks like this:

    {
      "Id": "Policy123456789",
      "Version": "2012-10-17",
      "Statement": [
        {
           "Sid": "Stmt123456789",
           "Action": "s3:*",
           "Effect": "Allow",
           "Resource": "arn:aws:s3:::myapp-dev1-bucket",
           "Principal": {
              "AWS": [
                  "arn:aws:iam::1234567890:user/myapp-dev1"
               ]
           }
        }
      ]
    }
    

But I still get an

Excon::Error::Forbidden: Expected(200) <=> Actual(403 Forbidden)

  • What have I done wrong?
  • What am I missing?
  • Does the user also have to be allowed to list buckets?

Please help!

fool-dev

Jan

1 Answer


Try this,

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::Bucket_Name"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::Bucket_Name/*"
            ]
        }
    ]
}
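Why the question's bucket policy still yields a 403 on uploads, shown with an added Python example (not from the original post and not AWS code): a simplified offline model of IAM evaluation (explicit Deny beats Allow, otherwise implicit deny, with `*` wildcards) run over the question's bucket policy and the answer's policy. The bucket name comes from the question; the object key and the `is_allowed` helper are assumptions, and principals, conditions and cross-account rules are left out. For an authoritative check against a real account, use `aws iam simulate-principal-policy`.

```python
import fnmatch

# Constructed from the question: Allow s3:* on the bucket ARN only (no "/*").
QUESTION_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::myapp-dev1-bucket"}
    ],
}

# The answer's policy with the Bucket_Name placeholder filled in.
ANSWER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": ["arn:aws:s3:::myapp-dev1-bucket"]},
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
         "Resource": ["arn:aws:s3:::myapp-dev1-bucket/*"]},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified IAM decision: explicit Deny wins, then any Allow, else deny.
    Action names match case-insensitively; resource ARNs are case-sensitive.
    '*' also matches '/', so bucket/* covers every object key in the bucket."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower())
                   for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r)
                   for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

if __name__ == "__main__":
    obj = "arn:aws:s3:::myapp-dev1-bucket/images/photo.png"  # assumed key
    bucket = "arn:aws:s3:::myapp-dev1-bucket"
    for name, pol in (("question", QUESTION_BUCKET_POLICY), ("answer", ANSWER_POLICY)):
        print(name, "PutObject:", is_allowed(pol, "s3:PutObject", obj),
              "ListBucket:", is_allowed(pol, "s3:ListBucket", bucket))
```

PutObject, GetObject and DeleteObject are evaluated against the object ARN (bucket/key), so a statement whose Resource is only the bucket ARN never matches them; ListBucket is evaluated against the bucket ARN, which is why the answer splits the two.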