If you want to isolate permissions to a specific bucket, you can create and attach this policy to your IAM user. Where it says YOUR_BUCKET_NAME_HERE, you would insert the name of the bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME_HERE/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME_HERE"
        }
    ]


Questions about Amazon S3? Email us at support@grow.com or chat in on the site.

Did this answer your question?