I need to allow an anonymous user to access a single folder in the Amazon S3 bucket by providing an STS Token.
I found a guide on how to provide an access to a user-specific folders in one bucket based on policies and policy variables. There you use long-term user keys. Would that be possible to implemented something similar but using the STS tokens and only one user vs. multiple users each having their own folders?
When you call
AssumeRole
through the STS service you include a policy document that specifies what permissions the temporary credentials will have. In that policy document you would specify the exact S3 permissions you want this user to have. You wouldn't need to use policy variables because you are generating a policy document for a single user at that point (no user variable needed because you know who the exact user is in this scenario).Your policy document would look something like this (replacing
my-bucket
andmy-folder
with the actual bucket name and folder name you want to grant the specific user access to):