AWS S3 Bucket User Policy

AWS S3 Bucket User Policy

June 8, 2020 / Eternal Team

What are the bucket & user policies?
Bucket and user policies, defined in JSON, that can be used to grant access on both buckets and objects.
Bucket policies are resources based only used to grant permission to AWS accounts or IAM users.
User policies are user-based and managed in IAM.
So let’s talk about some policy elements.

aws s3 bucket user policy

Example of policy:

aws s3 bucket user policy

There is a tool called the AWS Policy Generator in which a custom policy can be created.
Demo link https://www.youtube.com/watch?v=FocPPmC12iU
In this blog, we have created two sections,

  1. How to create bucket policies.
  2. How to create user policies. In user policies, we will explain to you how can we used the “Condition” statement and how to create “allow” or “deny” in policies generator

So now let’s implement on AWS console

Step 1

Login into AWS account and go to S3 console and create the bucket.
Now ones you create the bucket add some object on this bucket.

aws s3 bucket user policy

Here we have created a “mywebsite1996” bucket and in this bucket, we created two folders that are “Private” and “public “.

aws s3 bucket user policy

Now click on permission and go to bucket policy,

aws s3 bucket user policy

Now we are creating a custom policy using a policy generator so that only a particular object can be accessed publicly.

aws s3 bucket user policy

And click on Add statement,

{
  "Id": "Policy1590568185854",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1590568183957",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::website 1996/*",
      "Principal": "*"
    }
  ]
}

Above policy is which is generated by policy generator.
So now your bucket policies are publicly accessed,

aws s3 bucket user policy

Now we learn how to access a particular user to access the specific object (here we will see access to private folder).
So first go the IAM console,
In IAM console we will create the user, and we will give console access.

aws s3 bucket user policy

Click on permissions,
Here we will create a new group and the group name is “users”.

aws s3 bucket user policy

And click on the “create group” button.

aws s3 bucket user policy

And click on next and give some tags and create the user.

aws s3 bucket user policy

Now go to policies and create custom policies so that user can be accessed s3 bucket,

aws s3 bucket user policy

And click on review policy and give some name of the policy here we give “user@123” and click on “create policy”.

aws s3 bucket user policy

Now go to the group section and click on add permission.

aws s3 bucket user policy

And attached our existing policy to this group. And click on attach the policy.

aws s3 bucket user policy

So in here users only see the bucket they didn’t put any object in the bucket.
Now we will see how we can give permission to IAM users.
First, go to to my bucket (mywebsite1996), we have to create a bucket policy for new IAM user, so add a policy.

aws s3 bucket user policy

And click on save the policy And it’s done.

Conclusion.

In this blog, we learned about how to create a bucket & user policy.

Want to start a project?

It’s simple.

Contact us