AWS | How to auto generate S3 Policy

By Webner

Steps to auto-generate an AWS S3 policy that you can use to grant access rights according to your requirements:

→ Open S3 from the AWS console:

1. Click on the S3 bucket
2. Now click Properties
3. Click on Add bucket policy
4. Now click on AWS Policy Generator

Or use this link to open the tool directly:
http://awspolicygen.s3.amazonaws.com/policygen.html

5. Now select the type of policy from the drop-down list, use ( * ) to apply it to the whole bucket, then select the action(s) you want to permit
6. Finally, provide the ARN of the bucket (as shown in the screenshot below)
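The policy generator does nothing more than assemble a JSON document from the effect, actions, resource ARN and conditions you pick. The following Python script is an added example (not Webner's code and not an AWS tool) that builds the same kind of document programmatically, validates the CIDR blocks used in the aws:SourceIp condition, and goes one step beyond the generator: it pairs the Allow with a Deny/NotIpAddress statement so that the IP restriction also applies to principals who are granted access elsewhere (an Allow on its own never takes access away). The bucket name and addresses are constructed sample values.

```python
"""Build an S3 bucket policy programmatically (added example, not Webner's code).

Mirrors what the AWS Policy Generator does in the console: you pick an effect,
one or more actions, a resource ARN and optional conditions, and it emits the
JSON document. Bucket name and IP ranges in the demo are constructed values.
"""
import ipaddress
import json

POLICY_VERSION = "2012-10-17"  # current policy language version


def make_statement(sid, effect, actions, resource, principal=None, source_ips=None):
    """Return one policy statement as a dict.

    effect     - "Allow" or "Deny"
    actions    - list of S3 actions, e.g. ["s3:GetObject"]
    resource   - an S3 ARN; "arn:aws:s3:::bucket/*" covers every object key
    principal  - required in a bucket policy; omit for an IAM (identity) policy
    source_ips - optional list of CIDR blocks for an aws:SourceIp condition
    """
    if effect not in ("Allow", "Deny"):
        raise ValueError("effect must be Allow or Deny")
    if not resource.startswith("arn:aws:s3:::"):
        raise ValueError("resource must be an S3 ARN")
    stmt = {"Sid": sid, "Effect": effect, "Action": list(actions), "Resource": resource}
    if principal is not None:
        stmt["Principal"] = principal
    if source_ips:
        # strict=True rejects a CIDR with host bits set, so a typo such as
        # 203.0.113.5/24 fails here instead of silently widening the rule.
        cidrs = [str(ipaddress.ip_network(ip, strict=True)) for ip in source_ips]
        stmt["Condition"] = {"IpAddress": {"aws:SourceIp": cidrs}}
    return stmt


def make_policy(statements, policy_id=None):
    """Wrap statements in a complete policy document."""
    policy = {"Version": POLICY_VERSION}
    if policy_id:
        policy["Id"] = policy_id
    policy["Statement"] = list(statements)
    return policy


def ip_restricted_bucket_policy(bucket, allowed_ips):
    """Allow all object actions in the bucket, but only from allowed_ips.

    The Allow statement is the one the generator produces; the Deny statement
    is added so the restriction holds even for principals that an IAM policy
    elsewhere allows into the bucket. Both target object keys only
    (bucket/*), so bucket-level management actions are not affected.
    """
    objects = f"arn:aws:s3:::{bucket}/*"
    allow = make_statement("IPAllow", "Allow", ["s3:*"], objects,
                           principal={"AWS": "*"}, source_ips=allowed_ips)
    cidrs = allow["Condition"]["IpAddress"]["aws:SourceIp"]
    deny = make_statement("IPDenyOthers", "Deny", ["s3:*"], objects, principal="*")
    deny["Condition"] = {"NotIpAddress": {"aws:SourceIp": cidrs}}
    return make_policy([allow, deny], policy_id="S3PolicyId1")


if __name__ == "__main__":
    # Constructed sample: bucket name and addresses are placeholders.
    policy = ip_restricted_bucket_policy("example-bucket",
                                         ["198.51.100.10/32", "203.0.113.0/24"])
    print(json.dumps(policy, indent=2))
```

Run it directly to print the generated document; paste the output into the bucket's policy editor exactly as you would paste the generator's output.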

Sample S3 policies

1. List all buckets in S3:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowGroupToSeeBucketListInTheConsole",
      "Action": ["s3:ListAllMyBuckets"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::*"]
    }
  ]
}

2. The policy below restricts access to the S3 bucket to specific locations, identified by their static IP addresses:

{
  "Version": "2008-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::naviwaf/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "55.50.40.51/32",
            "55.17.141.20/32"
          ]
        }
      }
    }
  ]
}

3. Read-only access from everywhere:

{
  "Id": "Policy1491566744687",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1491566743019",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::naviwaf/*",
      "Principal": "*"
    }
  ]
}

4. Read, write and list all contents of the bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
            "s3:Get*",
            "s3:List*",
            "s3:Put*"
            ],
            "Resource": "*"
        }
    ]
}
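Before attaching any generated policy it is worth reading each Allow statement for three things: a Principal of "*" with no Condition (anyone, including anonymous users, gets the action), a Resource of "*" (every bucket in the account, not just the one you meant), and an Allow whose only guard is an IpAddress condition (it does not by itself deny requests from other addresses that IAM allows). The script below is an added example, not Webner's code and not an AWS tool; it re-types samples 2, 3 and 4 from above as Python dicts (bucket name and addresses as on the page) and runs those checks over them.

```python
"""Review S3 policy documents for overbroad grants (added example, not Webner's code).

Walks the statements of a policy and returns the findings a reviewer would
raise before attaching it. The sample policies are the page's samples 2, 3
and 4 re-typed as Python dicts.
"""
import json

IP_ALLOW = {
    "Version": "2008-10-17",
    "Id": "S3PolicyId1",
    "Statement": [{
        "Sid": "IPAllow",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::naviwaf/*",
        "Condition": {"IpAddress": {"aws:SourceIp": ["55.50.40.51/32", "55.17.141.20/32"]}},
    }],
}

READ_ONLY_EVERYWHERE = {
    "Id": "Policy1491566744687",
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Stmt1491566743019",
        "Action": ["s3:GetObject"],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::naviwaf/*",
        "Principal": "*",
    }],
}

READ_WRITE_LIST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*", "s3:Put*"], "Resource": "*"}],
}


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (anyone, including anonymous)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def _writes(actions):
    """True if any action can create, overwrite or delete objects."""
    return any(a in ("*", "s3:*") or a.startswith(("s3:Put", "s3:Delete")) for a in actions)


def review_policy(policy):
    """Return a list of human-readable findings for the Allow statements in policy."""
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        sid = stmt.get("Sid", f"statement-{index}")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only ever narrow access
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        principal = stmt.get("Principal")
        condition = stmt.get("Condition", {})
        if _is_public(principal) and not condition:
            findings.append(f"{sid}: Principal * without a Condition grants anonymous access")
        elif _is_public(principal) and "IpAddress" in condition:
            findings.append(f"{sid}: an Allow with an IpAddress condition does not deny other "
                            "addresses that IAM allows; add a Deny with NotIpAddress")
        if "*" in resources:
            findings.append(f"{sid}: Resource * applies to every bucket in the account")
            if _writes(actions):
                findings.append(f"{sid}: write actions ({', '.join(actions)}) on every bucket")
    return findings


if __name__ == "__main__":
    for name, policy in [("IP_ALLOW", IP_ALLOW),
                         ("READ_ONLY_EVERYWHERE", READ_ONLY_EVERYWHERE),
                         ("READ_WRITE_LIST", READ_WRITE_LIST)]:
        print(name, json.dumps(review_policy(policy), indent=2))
```

Sample 1 passes clean: s3:ListAllMyBuckets has to be granted on arn:aws:s3:::* because it is not tied to one bucket, and the script only flags a bare "*" resource. Sample 3 is flagged as anonymous read access, which is exactly what "read-only from everywhere" means, so the finding is a prompt to confirm that is intended.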
