June 8, 2020 / Nirav Shah
Example of policy:
There is a tool called the AWS Policy Generator in which a custom policy can be created.
Demo link https://www.youtube.com/watch?v=FocPPmC12iU
In this blog, we have created two sections,
So now let’s implement this in the AWS console.
Log in to your AWS account, go to the S3 console and create the bucket.
Once you have created the bucket, add some objects to it.
Here we have created a “mywebsite1996” bucket, and in this bucket we created two folders: “Private” and “public”.
Now click on Permissions and go to Bucket Policy.
Now we will create a custom policy using the policy generator so that only a particular object can be accessed publicly.
Then click on Add Statement.
{
  "Id": "Policy1590568185854",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1590568183957",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::mywebsite1996/*",
      "Principal": "*"
    }
  ]
}
The policy above is the one generated by the policy generator.
So now the objects covered by your bucket policy are publicly accessible.
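A Resource ending in /* covers every key in the bucket, including the Private folder. The following added example (not part of the original post) checks which sample keys a bucket policy exposes to anonymous s3:GetObject requests. The sample keys, the scoped variant and all helper names are constructed for illustration, and Deny statements and Condition blocks are not evaluated.

```python
import re

BUCKET = "mywebsite1996"  # bucket name used on this page

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_match(pattern, text, ignore_case=False):
    # Policy wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text, re.I if ignore_case else 0) is not None

def _is_anonymous(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both mean everyone.
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in _as_list(aws)

def is_publicly_readable(policy, bucket, key):
    """True if an Allow statement lets anonymous callers s3:GetObject this key.
    Simplification: Deny statements and Condition blocks are not evaluated."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if (any(_wildcard_match(a, "s3:GetObject", True) for a in actions)
                and any(_wildcard_match(r, arn) for r in resources)):
            return True
    return False

def make_policy(resource):
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject"], "Resource": resource}]}

# Whole-bucket wildcard, the Resource shape of the generated policy on this page.
broad = make_policy(f"arn:aws:s3:::{BUCKET}/*")
# Constructed alternative: scope the grant to the "public" folder only.
scoped = make_policy(f"arn:aws:s3:::{BUCKET}/public/*")
# Constructed sample keys for the two folders named on this page.
SAMPLE_KEYS = ["public/index.html", "Private/report.txt"]

def exposure(policy):
    return {k: is_publicly_readable(policy, BUCKET, k) for k in SAMPLE_KEYS}

if __name__ == "__main__":
    print("broad :", exposure(broad))
    print("scoped:", exposure(scoped))
```

Running the same check against a policy before saving it in the console shows whether the Private folder is covered by the public grant.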
Now we will learn how to allow a particular user to access a specific object (here we will see access to the Private folder).
So first go to the IAM console.
In the IAM console we will create the user and give it console access.
Click on Permissions.
Here we will create a new group, and the group name is “users”.
Then click on the “create group” button.
Then click on Next, add some tags and create the user.
Now go to Policies and create a custom policy so that the user can access the S3 bucket.
Then click on Review Policy and give the policy a name (here we use “user@123”), and click on “create policy”.
Now go to the group section and click on Add Permission.
Attach our existing policy to this group, then click on Attach Policy.
So here the users can only see the bucket; they cannot put any objects in it.
Now we will see how we can give permission to IAM users.
First, go to my bucket (mywebsite1996). We have to create a bucket policy for the new IAM user, so add a policy.
Then click on Save to save the policy, and it’s done.
In this blog, we learned how to create a bucket policy and a user policy.
As a Director of Eternal Web Private Ltd an AWS consulting partner company, Nirav is responsible for its operations. AWS, cloud-computing and digital transformation are some of his favorite topics to talk about. His key focus is to help enterprises adopt technology, to solve their business problem with the right cloud solutions.