सारंग's Notes

2024-11-22 s3 task

2 min read

S3 Task

  1. Create an IAM Policy:
    • First, create an IAM policy that defines the permissions for the specific S3 bucket(s).
    • This policy should follow the principle of least privilege, granting only the necessary permissions.
  2. Attach the Policy to the IAM User:
    • Go to the IAM console and select the user.
    • Choose “Add permissions” and then “Attach existing policies directly”.
    • Find and select the policy you created for S3 bucket access.
  3. Example Policy (customize as needed): 
    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ]
    }
  ]
}
    
4. Security Considerations:
    - Always use specific bucket ARNs instead of wildcards.
    - Grant only the necessary permissions (e.g., read-only if that's all that's required).
    - Consider using IAM groups for easier management if multiple users need the same access.
	
5. Best Practices:
    - Regularly review and audit permissions.
    - Use AWS Organizations and Service Control Policies for managing permissions across multiple accounts.
    - Implement proper bucket policies and access control lists (ACLs) on the S3 buckets themselves.
	
6. Testing:
    - After applying the policy, test the access in a safe, non-production environment.
    - Verify that the user can only access the intended buckets and perform only the allowed actions.

Remember, it's crucial to tailor these permissions to your specific use case and security requirements. For the most up-to-date and detailed information on IAM policies and S3 bucket permissions, please refer to the official AWS documentation.


# Static web hosting
Create s3 bucket
properties --> enable static web hosting
permission --> turn off block public access
					--> object ownership --> enable ACL
					--> ACL --> enable everyone list and read
					--> upload files

Graph View

Recent Articles