javaamazon-s3access-controlminio

How to restrict access by particular user to bucket using bucket level policy in MinIO?


I am configuring MinIO as S3 compatible storage.

Based on https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html

I understood that I can limit access to the bucket using BUCKET level policy for particular user.

AWS example from the linked document:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AddCannedAcl",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::111122223333:root",
                    "arn:aws:iam::444455556666:root"
                ]
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": [
                        "public-read"
                    ]
                }
            }
        }
    ]
}

Let's consider 2 lines:

 "arn:aws:iam::111122223333:root",
 "arn:aws:iam::444455556666:root"

As I understand, 111122223333:root and 444455556666:root are user identifiers. But I haven't found any mc command which return me any user identifier? I also checked UI console, but I haven't found anything.


Solution

  • Although Minio states they are s3 compatible — they don't support it and the worst thing here that I was not able to find any information in Minio documentation about inconsistency with S3 API regarding my question.

    But eventually, I was able to find a closed ticket on GitHub, and it is clearly stated that it won't be implemented. It must be in documentation.

    https://github.com/minio/minio/issues/9530