S3 Bucket Restriction

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowUserToSeeBucketListInTheConsole",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Sid": "AllowRootAndHomeListingOfCompanyBucket",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::better-mast"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:prefix": [
                        "",
                        "home/",
                        "home/David"
                    ],
                    "s3:delimiter": [
                        "/"
                    ]
                }
            }
        },
        {
            "Sid": "AllowListingOfUserFolder",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::better-mast"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "home/David/*"
                    ]
                }
            }
        },
        {
            "Sid": "AllowAllS3ActionsInUserFolder",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::better-mast/home/David/*"
            ]
        }
    ]
}
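To see which bucket listings the two `s3:ListBucket` statements above permit, the following added example (not part of the original page) evaluates their conditions against constructed request contexts. It is a simplified model of IAM condition matching rather than AWS's evaluator, and `matching_sid` and `SAMPLE_REQUESTS` are hypothetical names.

```python
import re

# Conditions of the two s3:ListBucket statements, copied from the policy above.
LIST_STATEMENTS = [
    {"Sid": "AllowRootAndHomeListingOfCompanyBucket",
     "Condition": {"StringEquals": {"s3:prefix": ["", "home/", "home/David"],
                                    "s3:delimiter": ["/"]}}},
    {"Sid": "AllowListingOfUserFolder",
     "Condition": {"StringLike": {"s3:prefix": ["home/David/*"]}}},
]

def _like(pattern, value):
    # StringLike: case-sensitive; '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.DOTALL) is not None

OPERATORS = {"StringEquals": lambda p, v: p == v, "StringLike": _like}

def matching_sid(context):
    """Return the Sid of the first statement allowing this ListBucket call, else None."""
    for stmt in LIST_STATEMENTS:
        allowed = True
        for op, keys in stmt["Condition"].items():
            for key, values in keys.items():
                # Condition keys are ANDed; the values listed under one key are ORed.
                # A key absent from the request context never matches.
                value = context.get(key)
                if value is None or not any(OPERATORS[op](v, value) for v in values):
                    allowed = False
        if allowed:
            return stmt["Sid"]
    return None  # no Allow statement matched: implicit deny

# Constructed request contexts (prefix and delimiter parameters of a ListBucket call).
SAMPLE_REQUESTS = [
    {"s3:prefix": "", "s3:delimiter": "/"},             # bucket root, one level
    {"s3:prefix": "home/David/", "s3:delimiter": "/"},  # the user's own folder
    {"s3:prefix": "home/Davidson/", "s3:delimiter": "/"},  # another user's folder
    {"s3:prefix": ""},                                  # recursive listing, no delimiter
]

if __name__ == "__main__":
    for ctx in SAMPLE_REQUESTS:
        print(ctx, "->", matching_sid(ctx) or "implicit deny")
```

The last sample shows why the first statement pins `s3:delimiter` to `/`: without that condition, a listing with an empty prefix and no delimiter would return every key in the bucket.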
