Grant access to a single folder in the bucket by AWS STS token


I need to allow an anonymous user to access a single folder in the Amazon S3 bucket by providing an STS Token.

I found a guide on how to provide access to user-specific folders in one bucket based on policies and policy variables. There you use long-term user keys. Would it be possible to implement something similar but using STS tokens, and with only one user rather than multiple users each having their own folder?


There is 1 answer

Mark B On

When you call AssumeRole through the STS service you include a policy document that specifies what permissions the temporary credentials will have. In that policy document you would specify the exact S3 permissions you want this user to have. You wouldn't need to use policy variables because you are generating a policy document for a single user at that point (no user variable needed because you know who the exact user is in this scenario).

Your policy document would look something like this (replacing my-bucket and my-folder with the actual bucket name and folder name you want to grant the specific user access to):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*"
            ],
            "Resource": "arn:aws:s3:::my-bucket/my-folder/*"
        }
    ]
}
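As an added example (not from the answer above), here is how the session policy would be built and passed to AssumeRole with boto3. It goes slightly beyond the answer by also allowing ListBucket restricted to the folder prefix, and it refuses an empty prefix so a typo cannot scope the session to the whole bucket. The role ARN and account id are placeholders.

```python
import json


def build_session_policy(bucket: str, folder: str) -> dict:
    """Session policy handed to AssumeRole. STS intersects it with the role's
    own permissions, so it can only narrow what the role already allows."""
    prefix = folder.strip("/") + "/"
    if prefix == "/":
        # An empty prefix would match every key in the bucket.
        raise ValueError("folder must not be empty")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # read objects under the folder only
                "Effect": "Allow",
                "Action": ["s3:GetObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
            {   # listing is a bucket-level action; the condition keeps it to the prefix
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}},
            },
        ],
    }


def assume_scoped_role(sts_client, role_arn: str, bucket: str, folder: str,
                       session_name: str = "single-folder-session",
                       duration: int = 900) -> dict:
    """Return temporary credentials limited to one folder (900 s is the minimum)."""
    resp = sts_client.assume_role(
        RoleArn=role_arn,
        RoleSessionName=session_name,
        Policy=json.dumps(build_session_policy(bucket, folder)),
        DurationSeconds=duration,
    )
    return resp["Credentials"]


if __name__ == "__main__":
    import boto3  # only needed when talking to real AWS
    # Placeholder role ARN; replace with the role the anonymous user may assume.
    creds = assume_scoped_role(boto3.client("sts"),
                               "arn:aws:iam::123456789012:role/PLACEHOLDER-reader-role",
                               "my-bucket", "my-folder")
    s3 = boto3.client("s3", aws_access_key_id=creds["AccessKeyId"],
                      aws_secret_access_key=creds["SecretAccessKey"],
                      aws_session_token=creds["SessionToken"])
    listing = s3.list_objects_v2(Bucket="my-bucket", Prefix="my-folder/")
    print([obj["Key"] for obj in listing.get("Contents", [])])
```

The credentials are only as narrow as the role's own policy permits; a role that cannot read the bucket at all yields a session that cannot either.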