-2
  • How can I give access to all S3 buckets (public & private) while denying access to some target bucket?

  • In essence, I want to grant access to all S3 buckets excluding a select number (I do not want to give access to bucket 1 & its sub folders).

  • In my bucket structure, I just want to make a policy which has access to all buckets but not bucket 1.

Bucket structure

s3

  • bucket 1/folder 1.1 (private database)
  • bucket 2 (website data)
  • bucket 3 (design data)
  • bucket n

Which policy do I need to apply if I want to grant access to all of my buckets but not to bucket 1 & sub folder 1.1?

  • What do you mean by "readable" -- readable by who? Are you wanting to grant access to anyone on the Internet, or to specific IAM users? How are you currently granting access to the buckets? – John Rotenstein Sep 27 '22 at 10:24
  • Readable by a new user whom I don't want to give access. The website developer has access to bucket 2 & 3 but not bucket 1 & its sub folders. – Mori Kuldip Sep 27 '22 at 11:30
  • If you want to make bucket 2 through bucket n readable by anyone on the internet without any requirement for them to authenticate then use Marcin's solution and add that policy to each of the S3 buckets that need to be publicly readable. You can't do this with one policy. If that isn't what you want, clarify what you mean when you refer to "new user". – jarmod Sep 27 '22 at 11:47
  • Your question is still very unclear. It is not easy to understand how you are currently granting access to the buckets, nor to whom you are granting the access. Let's start simple... What do you mean by "grant access to all of my buckets" -- are you granting them to specific IAM users, or to _ALL_ IAM Users, or to anyone on the Internet? (This will impact how to _not_ grant access to Bucket 1, but first we need to know how you are granting access to all the _other_ buckets.) – John Rotenstein Sep 28 '22 at 01:15

1 Answer

0

In AWS, all buckets are private by default. So for bucket 1 you don't have to do anything - it's private by default. For the remaining buckets you have to set up policies with read-only permission to an anonymous user and disable blocking public access.

Marcin
  • Hello @Marcin, inside your [link](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-2) there is not any specific policy with one particular bucket blocked and all others given full access. – Mori Kuldip Sep 27 '22 at 11:33
  • @MoriKuldip You can't do this with one policy. – jarmod Sep 27 '22 at 11:51
  • @MoriKuldip You have to set up policies for each bucket separately. – Marcin Sep 27 '22 at 11:52
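
The per-bucket approach from the answer and comments above, as an added example that is not part of the original thread: it builds one anonymous read-only bucket policy for each bucket except the private one, then checks the result with a deliberately simplified model of policy evaluation (not AWS's full logic). The bucket names, object keys and function names are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed names standing in for the question's "bucket 1" .. "bucket 3".
ALL_BUCKETS = ["bucket-1", "bucket-2", "bucket-3"]
PRIVATE_BUCKETS = {"bucket-1"}  # receives no policy, so it stays private by default


def public_read_policy(bucket):
    """Bucket policy granting anonymous read-only access to one bucket's objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            # A bucket policy can only name its own bucket, hence one policy each.
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def build_policies(buckets, private):
    """Return {bucket: policy} for every bucket that is not listed as private."""
    return {b: public_read_policy(b) for b in buckets if b not in private}


def anonymous_can(policies, bucket, key, action="s3:GetObject"):
    """Simplified check (assumption: Block Public Access is off on public buckets).

    With no policy attached there is no Allow, so the request is implicitly denied.
    """
    policy = policies.get(bucket)
    if policy is None:
        return False
    arn = f"arn:aws:s3:::{bucket}/{key}"
    return any(
        s["Effect"] == "Allow" and s["Principal"] == "*"
        and s["Action"] == action and fnmatchcase(arn, s["Resource"])
        for s in policy["Statement"]
    )


if __name__ == "__main__":
    for name, doc in build_policies(ALL_BUCKETS, PRIVATE_BUCKETS).items():
        print(name, json.dumps(doc))  # attach each document to its own bucket
```
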