
I have a user with a readwrite policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:*"
                ],
                "Resource": [
                    "arn:aws:s3:::*"
                ]
            }
        ]
    }

Then I created a bucket policy

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Deny",
                "Principal": {
                    "AWS": [
                        "*"
                    ]
                },
                "Action": [
                    "s3:GetObject"
                ],
                "Resource": [
                    "arn:aws:s3:::images/*"
                ]
            }
        ]
    }

But the user can still get objects from this bucket. Why? How can I deny read/delete actions for the bucket? And is it possible to deny it to minioadmin?

John Rotenstein
Nazar Kalytiuk
  • When you are testing their ability to get objects from the bucket, what is the Key of the object? Is the object inside the `images/` directory, or is it at the root level of the bucket? Please show us the code or command that you used to test. – John Rotenstein Apr 13 '23 at 13:21
