Ping a Specific Port

Question

David542

Asked: 2011-10-13 17:15:53 +0800 CST2011-10-13 17:15:53 +0800 CST 2011-10-13 17:15:53 +0800 CST

Restricting console permissions in IAM for S3

772

I want to be able to allow users created through IAM to be able to view one bucket in the management console. Furthermore, I want to restrict it to a folder within the bucket, such that the permissions would be:

S3 Console access for my-bucket/folder/*

How would I do this using the policy generator? I currently have:

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}

However, when I modify the Resource location -- arn:aws:s3:::my-bucket/folder -- it prevents the user from being able to use the console at all. Is this possible to do and what do I need to do to be able to fix this?

1 Answers

Voted

Paul Willis · Answer 1 · 2011-10-14T03:22:16+08:00

Paul Willis

2011-10-14T03:22:16+08:002011-10-14T03:22:16+08:00

You need to use conditions rather than adding the folder string to the resource, something like this...

"Resource":"arn:aws:s3:::mybucket"
"Condition":{
    "StringLike":{
            "s3:prefix":"folder/*"
    }
}

1

Restricting console permissions in IAM for S3

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?