AWS S3 security considerations
Permit the following actions for both the bucket and all objects:
Permitted actions |
|---|
s3:PutObject |
s3:GetObject |
s3:ListBucketByTags |
s3:ListBucketVersions |
s3:ListBucket |
s3:DeleteObject |
s3:GetBucketLocation |
The following is an example of a JSON policy:
{
"Statement": [
{
"Sid": "ObjectAccess",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::************:user/********"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::<bucketName>",
"arn:aws:s3:::<bucketName>/*"
]
}
]
}
"Statement": [
{
"Sid": "ObjectAccess",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::************:user/********"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::<bucketName>",
"arn:aws:s3:::<bucketName>/*"
]
}
]
}
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*