Tuesday 1 October 2013

Create isolated bucket on S3

  1. setup
    1. create IAM group
      1. add simple, custom policy below
      2.  do not add any other policies to group
    1. create IAM user and put in above IAM group
      1. create and download key and secret for user
    2. create bucket "mybucket01" in S3
      1. you don't have to touch perms of bucket itself
  2. client
    1. install s3fox addon for Firefox from www.s3fox.net
      1. older versions FAIL! get it only at www.s3fox.net
    2. open s3fox addon
      1. Firefox -> Tools -> S3 Organizer
    3. add only one user to "Manage Accounts" using user key and secret
    4. in right-hand window of s3fox add "/mybucket01" NOT "/"
      1. "/" will give you "Access Denied"
        1. because user does not have perms to list root buckets, only itself
{
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "arn:aws:s3:::mybucket01"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::mybucket01",
                "arn:aws:s3:::mybucket01/*"
            ]
        }
    ]
}   

No comments:

Post a Comment

Note: only a member of this blog may post a comment.

Interview questions: 2020-12

Terraform provider vs provisioner Load balancing Network Load Balancer vs Application Load Balancer  Networking Layer 1 vs Layer 4 haproxy u...