Create/Assign Access Policy
For a User to access a Bucket, you'll need to create an Access Policy that defines Permissions.
These are defined in JSON.
Example Definition File
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::<bucket-name>"
        },
        {
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::<bucket-name>/*"
        }
    ]
}
What this File does:
{
    "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket"
    ],
    "Effect": "Allow",
    "Resource": "arn:aws:s3:::<bucket-name>"
}
- Allows Listing and Location Info for Bucket arn:aws:s3:::<bucket-name>
{
    "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
    ],
    "Effect": "Allow",
    "Resource": "arn:aws:s3:::<bucket-name>/*"
}
- Allows Get (Read), Put (Upload) and Delete (Guess?) Permissions on Bucket arn:aws:s3:::<bucket-name> and on all Subdirectories (/*)
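The split above (bucket actions on the bucket ARN, object actions on the /* ARN) is easy to get wrong, and a mismatched statement does not grant what it appears to. The following check is an added example, not part of the original page or of MinIO's tooling; the function names, the bucket name "reports" and the bad policy are constructed for illustration.

```python
import json

# Actions from the page's policy, grouped by the resource type they apply to.
BUCKET_ACTIONS = {"s3:GetBucketLocation", "s3:ListBucket"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
ARN_PREFIX = "arn:aws:s3:::"

def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def lint_policy(policy_text, bucket):
    """Return findings for a policy that is meant to cover only `bucket`."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_text).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        for act in actions:
            if "*" in act:
                findings.append(f"statement {i}: wildcard action {act}")
        for res in as_list(stmt.get("Resource", [])):
            name = res[len(ARN_PREFIX):] if res.startswith(ARN_PREFIX) else res
            target = name.split("/", 1)[0]      # bucket part of the ARN
            is_object = "/" in name             # True for <bucket>/* style ARNs
            if "*" in target or target != bucket:
                findings.append(f"statement {i}: {res} is not limited to {bucket}")
            for act in actions:
                if act in BUCKET_ACTIONS and is_object:
                    findings.append(f"statement {i}: {act} needs the bucket ARN, not {res}")
                elif act in OBJECT_ACTIONS and not is_object:
                    findings.append(f"statement {i}: {act} needs an ARN ending in /*, not {res}")
    return findings

def page_policy(bucket):
    """The page's example policy with <bucket-name> filled in."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Action": sorted(BUCKET_ACTIONS), "Effect": "Allow", "Resource": ARN_PREFIX + bucket},
        {"Action": sorted(OBJECT_ACTIONS), "Effect": "Allow", "Resource": ARN_PREFIX + bucket + "/*"},
    ]})

# Constructed bad policy: object action on the bucket ARN, plus a wildcard grant.
BAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Action": ["s3:GetObject"], "Effect": "Allow", "Resource": "arn:aws:s3:::reports"},
    {"Action": "s3:*", "Effect": "Allow", "Resource": "arn:aws:s3:::*"},
]})

if __name__ == "__main__":
    print(lint_policy(page_policy("reports"), "reports"))   # no findings
    print("\n".join(lint_policy(BAD, "reports")))
```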
Creating a Policy
mc admin policy create <name> <policy-name> <path-to-policy-json-file>
Applying a Policy
mc admin policy attach <name> <policy-name> --user <username>