BG3 Warlock build.REGISTER NOW GET FREE 888 PESOS REWARDS!

(@karpstrucking)

I’m using a custom IAM policy to restrict access to a specific folder/prefix in AWS. The policy is below, and works – but only if multipart upload option is unchecked. Does anyone know how to adjust this policy to accept multipart upload?

Thanks!

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowUserToSeeBucketListInTheConsole",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Sid": "AllowRootAndHomeListingOfCompanyBucket",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::mybucket"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:prefix": [
                        "",
                        "mysharedfolder/"
                    ],
                    "s3:delimiter": [
                        "/"
                    ]
                }
            }
        },
        {
            "Sid": "AllowListingOfUserFolder",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::mybucket"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "mysharedfolder/myfolder/*"
                    ]
                }
            }
        },
        {
            "Sid": "AllowAllS3ActionsInUserFolder",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::mybucket/mysharedfolder/myfolder/*"
            ]
        }
    ]
}

https://www.ads-software.com/plugins/backwpup/

Viewing 1 replies (of 1 total)

Daniel Hüsken

(@danielhuesken)

9 years, 11 months ago

{
  "Statement": [
   {
     "Action": "s3:ListAllMyBuckets",
     "Effect": "Allow",
     "Resource": "arn:aws:s3:::*"
   },
    {
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Effect": "Allow",
      "Resource": [ "arn:aws:s3:::dhdev", "arn:aws:s3:::dhdev/*" ]
    }
  ]
}

This the default Policy. Try to add “s3:ListBucketMultipartUploads”, “s3:AbortMultipartUpload” to your actions.

Viewing 1 replies (of 1 total)

The topic ‘Multipart uploads with a custom IAM policy’ is closed to new replies.