I created an IAM group and attached two IAM policies to the group.
- IAM policy to define the buckets to operate on and the source IP addresses allowed to access them.
    {
      "Statement": [
        {
          "Condition": {
            "IpAddress": {
              "aws:SourceIp": [
                "xxx.xxx.xxx.xxx/32",
                "xxx.xxx.xxx.xxx/32"
              ]
            }
          },
          "Resource": [
            "arn:aws:s3:::bucket_name.ap-northeast-1",
            "arn:aws:s3:::bucket_name.ap-northeast-1/*",
            "arn:aws:s3:::bucket_name.us-west-1",
            "arn:aws:s3:::bucket_name.us-west-1/*",
            "arn:aws:s3:::bucket_name.us-west-1",
            "arn:aws:s3:::bucket_name.us-west-1/*",
            "arn:aws:s3:::bucket_name.us-west-2",
            "arn:aws:s3:::bucket_name.us-west-2/*"
          ],
          "Action": "s3:*",
          "Effect": "Allow"
        }
      ],
      "Version": "2012-10-17"
    }
- IAM policy to list all the buckets for an S3 tool like S3 Browser.
    {
      "Statement": [
        {
          "Resource": "*",
          "Action": "s3:List*",
          "Effect": "Allow"
        }
      ],
      "Version": "2012-10-17"
    }
I got the properties of us-west-1, us-west-2 and ap-northeast-1, but couldn't get those of us-east-1, though the same IAM policies are applied. I successfully got the properties of us-east-1 after adding the action as follows.
    {
      "Statement": [
        {
          "Resource": "*",
          "Action": [
            "s3:List*",
            "s3:Get*"
          ],
          "Effect": "Allow"
        }
      ],
      "Version": "2012-10-17"
    }
I am wondering if the us-east-1 (US Standard) region is different from other regions in how IAM policies are applied because it is the first region of AWS?
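
The Resource list as posted names bucket_name.us-west-1 twice and contains no us-east-1 bucket. The following added example (not part of the original post) evaluates the posted policies in a simplified Allow-only model; the bucket name bucket_name.us-east-1, the use of s3:GetBucketLocation as a stand-in for a "properties" call, and the IP addresses are assumptions.

```python
import fnmatch
import ipaddress

# Constructed stand-in for the masked "xxx.xxx.xxx.xxx/32" entries in the post.
ALLOWED_CIDRS = ["203.0.113.10/32"]
# Region suffixes exactly as they appear in the posted Resource list.
POSTED_REGIONS = ["ap-northeast-1", "us-west-1", "us-west-1", "us-west-2"]
RESOURCES = [f"arn:aws:s3:::bucket_name.{r}{s}"
             for r in POSTED_REGIONS for s in ("", "/*")]

BUCKET_POLICY = {"Effect": "Allow", "Action": "s3:*", "Resource": RESOURCES,
                 "Condition": {"IpAddress": {"aws:SourceIp": ALLOWED_CIDRS}}}
LIST_POLICY = {"Effect": "Allow", "Action": "s3:List*", "Resource": "*"}
LIST_GET_POLICY = {"Effect": "Allow", "Action": ["s3:List*", "s3:Get*"],
                   "Resource": "*"}

ORIGINAL = [BUCKET_POLICY, LIST_POLICY]      # first two policies in the post
UPDATED = [BUCKET_POLICY, LIST_GET_POLICY]   # after adding s3:Get*


def as_list(value):
    return value if isinstance(value, list) else [value]


def statement_allows(stmt, action, resource, source_ip):
    """True if one Allow statement matches action, resource and condition."""
    # IAM action names are case-insensitive; resource ARNs are not.
    actions = [a.lower() for a in as_list(stmt["Action"])]
    if not any(fnmatch.fnmatchcase(action.lower(), a) for a in actions):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in as_list(stmt["Resource"])):
        return False
    cidrs = stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp")
    if cidrs is None:
        return True  # no condition: the statement applies from any address
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(c) for c in as_list(cidrs))


def is_allowed(statements, action, resource, source_ip):
    # Only Allow statements appear in the post, so explicit Deny is not modelled.
    return any(statement_allows(s, action, resource, source_ip) for s in statements)


def missing_regions(expected):
    """Regions expected to be covered but absent from the posted Resource list."""
    return sorted(set(expected) - set(POSTED_REGIONS))
```

In this model the added s3:Get* statement carries no aws:SourceIp condition and applies to Resource "*", so it also allows object reads on every bucket from any address.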