DEV Community

Madalin Ignisca
Madalin Ignisca

Posted on • Originally published at madalin.me on

The minimal AWS IAM policy for using a bucket with an application

#devops #amazon #aws #iam

This is the minimal policy for an application to access only an AWS S3 bucket in which it would upload / download files and generate signed urls for public access.

Sad eggs

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:GetObjectAcl",
                "s3:PutObjectAcl",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name",
                "arn:aws:s3:::bucket-name/*"
            ]
        }
    ]
}
Enter fullscreen mode Exit fullscreen mode

Create a IAM user. Attach the above policy with bucket-name replaced.

Enjoy and remember to ignore all people that suggest you attach a give all permissions policy. You don’t give your house keys to strangers, right?

Top comments (0)

Read next

ajcastillo profile image

C4 Model en la Nube: Implementación Práctica con AWS y Terraform

Antonio Jesús Castillo Cotán -

riz007 profile image

When Scalability Meets Spectacle: Lessons from Netflix's Tyson-Paul Fight Crash

Rizwanul Islam Rudra -

pwd9000 profile image

Ignite 2024 - Book Of News - DevOps Edition

Marcel.L -

zavoloklom profile image

GitLab CI: Needs vs Dependencies — A Practical Guide

Sergey Kupletsky -