Is it possible to give an SFTP user a write only access to a bucket?
- Sid: AllowListingOfUserFolder
  Action:
    - s3:ListBucket
  Effect: Allow
  Resource:
    - arn:aws:s3:::mybucket
- Sid: HomeDirObjectAccess
  Action:
    - s3:PutObject*
  Effect: Allow
  Resource: arn:aws:s3:::mybucket/*
I have this policy on my SFTP user's role right now, and it allows me to both see the contents of the bucket and put new files. But when I remove AllowListingOfUserFolder (s3:ListBucket), I cannot put files anymore.
What I need is a write-only bucket policy for the SFTP user I have. Am I missing anything, or is it actually impossible?
You aren't missing anything. In order to put an object/file into an S3 bucket via the Transfer server, you need to give list-bucket access to the user; only then can the user put objects into your S3 directory.
However, you can attach the following policy to the user to allow specific Amazon S3 put permissions at the folder level (e.g. mybucket/in/*).
Example:
- Sid: AllowListingOfUserFolder
  Action:
    - s3:ListBucket
  Effect: Allow
  Resource:
    - arn:aws:s3:::mybucket
- Sid: HomeDirObjectAccess
  Action:
    - s3:PutObject*
  Effect: Allow
  Resource: arn:aws:s3:::mybucket/in/*
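A tighter variant of the policy above, added here as an example and not part of the original answer: the unavoidable s3:ListBucket grant is limited to the in/ prefix with the s3:prefix condition key, and the write grant is narrowed from s3:PutObject* to s3:PutObject. It assumes the bucket mybucket and folder in/ from the answer, and that the Transfer Family user's home directory points at /mybucket/in.

```yaml
# Added example (not from the original answer): write-only SFTP role policy
# for AWS Transfer Family, scoped to the in/ folder of mybucket.
# Assumption: the user's HomeDirectory is /mybucket/in.
Version: "2012-10-17"
Statement:
  # The SFTP server lists the home directory before it can upload into it,
  # so ListBucket cannot be removed; restrict it to the in/ prefix instead
  # of letting the user enumerate the whole bucket.
  - Sid: AllowListingOfInFolderOnly
    Effect: Allow
    Action:
      - s3:ListBucket
    Resource: arn:aws:s3:::mybucket
    Condition:
      StringLike:
        s3:prefix:
          - "in/"
          - "in/*"
  # Upload only: no s3:GetObject, so the user cannot download files placed
  # in the folder, and no s3:DeleteObject. s3:PutObject on an existing key
  # still replaces the visible object, so this is upload-only, not
  # tamper-proof; enable bucket versioning if earlier contents must survive.
  - Sid: WriteOnlyToInFolder
    Effect: Allow
    Action:
      - s3:PutObject
    Resource: arn:aws:s3:::mybucket/in/*
```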