AWS S3: User Access to specific Bucket via the AWS Webconsole

This tutorial shows how to give a user access to a specific S3 bucket via the AWS web console. This can be very handy if you want a quick way to share data with a customer.

Copy Amazon Resource Name (ARN) of S3 bucket

Create IAM Policy

Create a new IAM policy to access the S3 bucket.

Move to the JSON tab and replace the default policy with the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::bucket_name"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::bucket_name/*"]
    }
  ]
}

Replace arn:aws:s3:::bucket_name with the ARN of your S3 bucket.

Give the new policy a name and save it:

Create IAM User and attach the policy

Choose a user name and enable console access:

Attach the IAM Policy and create the user:

Copy the password for the user

Access S3 Bucket with the new user

Copy your AWS Account ID

Use your AWS Account ID and log in with the IAM user credentials

The user cannot select the newly created S3 bucket, or any of your other S3 buckets, from the bucket overview.

Instead, the user has to access the bucket with a link that points directly to the S3 bucket: https://s3.console.aws.amazon.com/s3/buckets/blog-jklug/
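
The following added example (not part of the original tutorial) rebuilds the policy for a given bucket name and checks sample requests against it, showing why the user cannot pick the bucket from the overview (listing all buckets needs s3:ListAllMyBuckets, which the policy does not grant) while the direct link works. The function names are hypothetical, the object key and the second bucket are constructed, and the evaluator is a simplification that handles only Allow statements with Action and Resource.

```python
from fnmatch import fnmatchcase


def build_policy(bucket_name):
    """Return the tutorial's policy with the bucket ARN filled in."""
    bucket_arn = f"arn:aws:s3:::{bucket_name}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {  # bucket-level action: the resource is the bucket itself
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": [bucket_arn],
            },
            {  # object-level actions: the resource is every key in the bucket
                "Effect": "Allow",
                "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
                "Resource": [f"{bucket_arn}/*"],
            },
        ],
    }


def is_allowed(policy, action, resource):
    """True if an Allow statement matches the action and the resource.
    Assumption: handles only Effect/Action/Resource, which is all the
    tutorial's policy uses (no Deny, NotAction or Condition).
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        # IAM action names are case-insensitive; ARNs are matched case-sensitively
        action_ok = any(fnmatchcase(action.lower(), a.lower()) for a in stmt["Action"])
        resource_ok = any(fnmatchcase(resource, r) for r in stmt["Resource"])
        if action_ok and resource_ok:
            return True
    return False  # nothing matched: implicit deny


if __name__ == "__main__":
    policy = build_policy("blog-jklug")  # bucket name from the page's console link
    for action, resource in [
        ("s3:ListBucket", "arn:aws:s3:::blog-jklug"),
        ("s3:GetObject", "arn:aws:s3:::blog-jklug/report.pdf"),  # constructed key
        ("s3:ListAllMyBuckets", "*"),
        ("s3:GetObject", "arn:aws:s3:::other-bucket/report.pdf"),  # constructed bucket
    ]:
        verdict = "allow" if is_allowed(policy, action, resource) else "implicit deny"
        print(f"{action:22} {resource:40} {verdict}")
```

The same check also shows why the policy needs two statements: s3:ListBucket only matches the bucket ARN, and the object actions only match the bucket_name/* ARN.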