Ability to Restrict S3 Permissions

  • Christina

    (@geekmenina)


    6 years ago

    I am currently testing this out with a localhost site. I setup the bucket and user as described in your Quick Start guide, but I really don’t want to give the user a policy that allows them to do whatever they want on the S3 buckets.

    I setup a custom policy to set the permissions for the user to have full permissions on the specific bucket that I set up. When I save the settings with the plugin, it tells me it doesn’t have enough permissions.

    Is this because the plugin is expecting full access to S3 as a whole to all buckets, or is it possible to let it have full access to a single bucket?

    Thanks for your time.

Viewing 1 replies (of 1 total)
  • Plugin Contributor ianmjones

    (@ianmjones)

    You should be able to restrict the access to a specific bucket via a “Resource” block after the action block in the IAM User’s policy (JSON format).

    Something like…

    
  "Resource": [
    "arn:aws:s3:::the-bucket",
    "arn:aws:s3:::the-bucket/*"
  ]

    We used to recommend this as part of setting up a custom policy during the set up guide, but had so much support from people not getting it right that we no longer recommend it in the quick start guide. It’s better that people get something working as simply as possible, and then add restrictions afterwards in the knowledge that the plugin works as intended for them.

    We’re considering adding a new doc specifically related to restricting IAM User access, but it’s an advanced feature that requires familiarity with AWS and repercussions of altering IAM User policies.

Viewing 1 replies (of 1 total)
  • The topic ‘Ability to Restrict S3 Permissions’ is closed to new replies.