Below you can find a step-by-step guide on how to set access to a specific Amazon S3 bucket for a single user (a bucket user-lionin the example):
- Go to My Security Credentials.
- Select Get Started with IAM Users.
- Select the Create Policy option in the Policy section, then select Create Your Own Policy.
- The next step is to add a Policy Document, which will look like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::${aws:username}"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::${aws:username}/*"
]
}
]
}*This Policy does not require editing.
I.e. you permit to use the methods "s3:ListBucket" and "s3:GetBucketLocation" with the bucket arn:aws:s3:::${aws:username}, and "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:PutObjectAcl" for the all objects in that bucket. - At this step, you will need to go back to My Security Credentials, select the Users section and create a user who will have access to the mentioned bucket.
- Then, attach the previously created policy to a user.
- When the previous step is done, go to the Users section → select the newly created user → open the Security credentials tab → select Create access key.
- Finally, using the login information from the previous steps, a specific bucket can be accessed by a single user.