
My objective is that userone's buckets should not show to other users:

s3:ListAllMyBuckets: Returns a list of all buckets owned by the authenticated sender of the request. To use this operation, you must have the s3:ListAllMyBuckets permission.

This is my policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:ListAllMyBuckets"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}

s3:ListAllMyBuckets is not working and I don't know why. If I misunderstand something, please let me know.

This solution works, but I need to know why s3:ListAllMyBuckets is not working, or if I misunderstand something, please let me know:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::prefix*"
            ]
        }
    ]
}

1 Answer


So there's no concept of a 'bucket owner' in MinIO as there is in AWS S3. The s3:ListAllMyBuckets operation effectively grants access to the ListBuckets API operation.

For what you want, there are a few patterns you can explore:

  • Using prefixes in a bucket per user and configuring the resource as "arn:aws:s3:::${aws:username}"

  • Creating a bucket per-user and creating a corresponding policy for that user only granting access to that bucket

MinIO adopts S3's deny-by-default attitude, so as long as you explicitly state which resources a user has access to, the others will fall off on their own.

rkumar-minio
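As an added example (not part of the question or the answer above), here is a policy for the first pattern: one shared bucket, assumed to be named `shared`, in which each user can list and read/write only under a prefix equal to their own username. It deliberately grants no s3:ListAllMyBuckets, because the ListBuckets call has no per-bucket resource that a policy could narrow; the bucket name is given to the user out of band instead.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListOnlyOwnPrefixInSharedBucket",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::shared"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "${aws:username}/*"
                    ]
                }
            }
        },
        {
            "Sid": "ReadWriteOnlyOwnPrefix",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::shared/${aws:username}/*"
            ]
        }
    ]
}
```

Because nothing else is allowed, a listing of `shared` without a `prefix=<username>/` query, and any object outside that prefix, is rejected by deny-by-default.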