IAM-Create a resource based policy and attach to S3_B16 Bucket & only sunny user can able to access that bucket

 1. Create a resource based policy and attach to S3_B16 Bucket & only sunny user can able to access that bucket

1.    Go to S3 service

2.    Select bucket S3_B16 --> select Permissions tab




3.    Go to Bucket policy section




4.    Click on edit and copy paste the below Jason code and save
make changes “YOUR_ACCOUNT_ID” with you aws account id and bucket name

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Effect": "Allow",

            "Principal": {

                "AWS": "arn:aws:iam::YOUR_ACCOUNT_ID:user/sunny"

            },

            "Action": "s3:*",

            "Resource": [

                "arn:aws:s3:::S3_B16",

                "arn:aws:s3:::S3_B16/*"

            ]

        },

        {

            "Effect": "Deny",

            "NotPrincipal": {

                "AWS": "arn:aws:iam::YOUR_ACCOUNT_ID:user/sunny"

            },

            "Action": "s3:*",

            "Resource": [

                "arn:aws:s3:::S3_B16",

                "arn:aws:s3:::S3_B16/*"

            ]

        }

    ]

}

Comments

Post a Comment

Popular posts from this blog

IAM-Create a policy to place the user in a group only.

Image
  Policy Create a policy to place the user in a group only. 1)   Create IAM user -->  abc 2)   Select abc user then go to permissions 3)   Click on add permissions and click create inline policy ( or you can create policy separately and then attach to user) 4)   Select a service -->  service  -->  IAM 5)  In actions allowed --> effect – select allow select Actions  -->   ListUsers, AddUserToGroup, GetUser, ListGroups, GetGroup 6) Enter policy name -->  click on create policy
Read more

IAM-Create a policy to deny the access of Specific bucket.

Image
  Policy   Create a policy to deny the access of Specific bucket. 1)      Create IAM user -->  abc 2)      Select abc user then go to permissions 3)     Click on add permissions and add AmazonS3FullAccess then again create inline policy for deny the access of Specific bucket 4)     Select a service  -->  service  -->   S3 5)     In actions allowed  -->  effect – select deny select Actions PutObject , ListBucket, GetObject 6)     In Resources  -->  select specific In Bucket  -->  click Add ARNs  -->  "arn:aws:s3:::your-bucket-name" In Object  -->  click Add ARNs  -->  "arn:aws:s3:::your-bucket-name/*" ( * bcoz to apply for all objects) 7)     Enter policy name...
Read more