I’m trying to figure out a basic permission set for an IAM user/key to have access to only a single bucket in S3 – only read/write access on an individual bucket.
What set of permissions is the minimum required to make this work? I have all options selected in the IAM policy generator for S3, all permissions enabled on the bucket except CreateBucket and DeleteBucket. I’ve also created a set of keys specific to this user.
When I try to access the bucket with these credentials, I get a problem listing buckets, even though the ListAllMyBuckets property is enabled.
Anyone have any experience setting up a basic bucket config like this? Seems like it would be pretty common…
The Example Policies for Amazon S3 cover various use cases similar or related to yours – specifically you might probably want to combine Example 1: Allow each user to have a home directory in Amazon S3 with Example 2: Allow a user to list only the objects in his or her home directory in the corporate bucket – you’d just need to adjust the Resource to target your bucket’s root directory instead, i.e. replace /home/bob/* with *.

Please note that Example 2 facilitates ListBucket, which is an operation on a bucket that returns information about some of the items in the bucket, whereas ListAllMyBuckets is an operation on the service that returns a list of all buckets owned by the sender of the request, so likely not applicable to your use case (see my comment regarding clarification of the latter).
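As an added illustration (not part of the answer above or of the AWS example policies), the following builds the single-bucket read/write policy the answer describes and includes a small matcher to show why such a policy grants ListBucket on the bucket but not the service-level ListAllMyBuckets. The bucket name is a constructed placeholder, and the matcher only models wildcard matching of Allow statements, not full IAM evaluation.

```python
import fnmatch
import json

# Constructed placeholder; replace with the real bucket name.
BUCKET = "example-bucket"


def single_bucket_policy(bucket: str) -> dict:
    """Least-privilege read/write policy scoped to one bucket.

    Bucket-level actions are granted on the bucket ARN, object-level actions
    on the objects beneath it (bucket/*). s3:ListAllMyBuckets is a service-level
    action and is deliberately left out, so the user cannot enumerate other
    buckets in the account.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "BucketLevel",
                "Effect": "Allow",
                "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "ObjectLevel",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/*",
            },
        ],
    }


def allows(policy: dict, action: str, resource: str) -> bool:
    """Approximate check: does some Allow statement match action and resource?

    Models only IAM's * wildcard matching of Allow statements; real evaluation
    also applies explicit denies, conditions and resource-based policies.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(fnmatch.fnmatchcase(action, a) for a in actions) and any(
            fnmatch.fnmatchcase(resource, r) for r in resources
        ):
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(single_bucket_policy(BUCKET), indent=2))
```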