How to give access for a user to list objects in a particular bucket

Jump to bottom

Cesar Celis Hernandez edited this page Mar 14, 2023 · 3 revisions

Objective:

Show how to give access to particular bucket to a user.

Documentation:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html

Steps:

Deploy MinIO and have access to Console.
List a single S3 bucket named testing-bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::testing-bucket"
            ]
        }
    ]
}

Notice I added this action: "s3:ListBucket" and resource is only for one bucket called: testing-bucket

Now list the objects:

$ mc ls myminio/testing-bucket
[2023-03-14 12:21:43 EDT] 1.3KiB STANDARD README.md

Additions:

Additionally, if you want to list on any bucket you can have this policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}

Again "s3:List*" action under "arn:aws:s3:::*" resource will do the trick!

Clone this wiki locally