I created the following AWS policy in order to give a user access to my-backup bucket. The user can see all objects in the bucket and edit them, but he cannot go to the overview page.

I thought that by giving the ListBucket action, he would be able to see the bucket indicated. But the overview page shows an empty list as if there were no buckets at all.

What permission/action would I need to add?
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::my-backup"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-backup/*"
      ]
    }
  ]
}
```
There is a difference between listing files in the bucket and listing the buckets. The first one already works.

For the latter you need s3:ListAllMyBuckets on resource *. This will allow them to see every bucket you own. There is no middle ground: either they can see all buckets or no buckets. Obviously, even though they can see the other buckets, as long as they have no additional permissions they cannot interact with them.