AWS S3 security considerations


When using AWS, follow the instructions in Security Best Practices in IAM in the AWS documentation.

Permit the following actions for both the bucket and all objects:

Permitted actions

s3:PutObject

s3:GetObject

s3:ListBucketByTags

s3:ListBucketVersions

s3:ListBucket

s3:DeleteObject

s3:GetBucketLocation

Permit the following actions for the bucket:

Permitted actions

s3:HeadBucket

The following is an example of a JSON policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:ListBucketVersions",
                    "s3:ListBucket",
                    "s3:DeleteObject",
                    "s3:GetBucketLocation"
                ],
                "Resource": [
                    "arn:aws:s3:::",
                    "arn:aws:s3:::/model9/*",
                    "arn:aws:s3:::/agents/*"
                ],
                "Sid": "ObjectAccess",
                "Effect": "Allow"
            },
            {
                "Action": "s3:HeadBucket",
                "Resource": "*",
                "Sid": "BucketAccess",
                "Effect": "Allow"
            }
        ]
    }
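An added example, not part of the original page or the product's own code: a small Python check that compares an IAM policy with the permitted-actions lists above and flags wildcard actions, actions outside those lists, and resources outside the intended bucket. The bucket name `example-bucket`, the `BROAD_POLICY` sample and the function names are constructed for illustration.

```python
# Actions listed on this page: bucket-and-object actions, then bucket-only.
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:ListBucketByTags",
                  "s3:ListBucketVersions", "s3:ListBucket", "s3:DeleteObject",
                  "s3:GetBucketLocation"}
BUCKET_ACTIONS = {"s3:HeadBucket"}

def as_list(value):
    """Action, Resource and Statement may each be one item or a list."""
    return list(value) if isinstance(value, list) else [value]

def audit_policy(policy, bucket):
    """Return (findings, documented actions the policy does not grant)."""
    findings, granted = [], set()
    arn = f"arn:aws:s3:::{bucket}"
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = as_list(stmt.get("Action", []))
        for action in actions:
            if "*" in action or "?" in action:
                findings.append(f"{sid}: wildcard action {action}")
            elif action not in OBJECT_ACTIONS | BUCKET_ACTIONS:
                # Exact-case match; IAM itself ignores case in action names.
                findings.append(f"{sid}: {action} is not in the documented list")
            else:
                granted.add(action)
        for res in as_list(stmt.get("Resource", [])):
            if res == "*":
                # The page's own example uses "*" only for s3:HeadBucket.
                if not set(actions) <= BUCKET_ACTIONS:
                    findings.append(f"{sid}: Resource * on actions beyond s3:HeadBucket")
            elif res != arn and not res.startswith(arn + "/"):
                findings.append(f"{sid}: {res} is outside bucket {bucket}")
    return findings, sorted((OBJECT_ACTIONS | BUCKET_ACTIONS) - granted)

# The page's example statements with a constructed bucket name filled in.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ObjectAccess", "Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucketVersions",
                "s3:ListBucket", "s3:DeleteObject", "s3:GetBucketLocation"],
     "Resource": ["arn:aws:s3:::example-bucket",
                  "arn:aws:s3:::example-bucket/model9/*",
                  "arn:aws:s3:::example-bucket/agents/*"]},
    {"Sid": "BucketAccess", "Effect": "Allow",
     "Action": "s3:HeadBucket", "Resource": "*"}]}
# Constructed over-broad policy for contrast.
BROAD_POLICY = {"Statement": {"Sid": "Everything", "Effect": "Allow",
                              "Action": "s3:*", "Resource": "*"}}
```

Calling `audit_policy(PAGE_POLICY, "example-bucket")` returns no findings and reports `s3:ListBucketByTags` as listed above but not granted by the example policy; `BROAD_POLICY` produces a wildcard-action finding and a `Resource *` finding.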

 


BMC AMI Cloud Data and BMC AMI Cloud Vault 2.7