Below you can find a step-by-step guide on how to set an access to a specific Amazon S3 bucket for a single user (a bucket user-lion in the example):
- Go to My Security Credentials.
- Select Get Started with IAM Users.
- Select the Create Policy option in the Policy section, then select Create Your Own Policy.
- The next step is to add a Policy Document, which will look like this:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation" ], "Resource": [ "arn:aws:s3:::${aws:username}" ] }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::${aws:username}/*" ] } ] }*This Policy does not require editing.
I.e. you permit to use the methods “s3:ListBucket” and “s3:GetBucketLocation” with the bucket arn:aws:s3:::${aws:username}, and “s3:PutObject”, “s3:GetObject”, “s3:DeleteObject”, “s3:PutObjectAcl” for the all objects in that bucket.
- At this step, you will need to go back to My Security Credentials, select the Users section and create a user who will have an access to the mentioned bucket.
- Then, attach the previously created policy to a user.
- When the previous step is done, go to the Users section → select the newly created user → open the Security credentials tab → select Create access key.
- Finally, using the login information from the previous steps, a specific bucket can be accessed by a single user.
