AWS IAM: How to Grant User Access to a Specific Resource (S3 Bucket)

Hello all, in this blog I will show you how to grant a user access to a specific resource, such as an S3 bucket, by way of an IAM role attached to an EC2 instance.

Create an S3 bucket and launch an EC2 instance, then follow the steps below.

Step 1: Create a custom role for the EC2 service and add an inline policy to that role.

Step 2: Edit the inline policy, adding the S3 bucket's ARN using the policy generator. In the resulting policy below, object actions are scoped to the bucket's objects (`bucketavi294/*`), bucket-level actions to the bucket itself, and only `s3:ListAllMyBuckets` needs `Resource: "*"`, because it is an account-level action.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAllActionsOnBucketObjects",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucketavi294/*"
        },
        {
            "Sid": "AllowBucketLevelActions",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::bucketavi294"
        },
        {
            "Sid": "AllowListAllBuckets",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        }
    ]
}

Step 3: Attach the role to an EC2 instance.

To validate, log in to the instance and make sure you have access to the bucket:

# List buckets (requires s3:ListAllMyBuckets from the policy)
aws s3 ls
# Try pushing a local file to the bucket to test the access
aws s3 cp [file] s3://[bucket]/[file name as you wish]
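Before attaching the policy from Step 2, it is worth checking that every Allow statement really is scoped to the one bucket. The following added example (not from the original post) does that check offline on a constructed copy of the post's policy; the `ACCOUNT_LEVEL_ACTIONS` allowlist is an assumption covering only the action the post uses with `Resource: "*"`.

```python
import json
from copy import deepcopy

# Constructed copy of the post's inline policy (bucket name is the post's example).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowAllActionsOnBucketObjects", "Effect": "Allow",
         "Action": "s3:*", "Resource": "arn:aws:s3:::bucketavi294/*"},
        {"Sid": "AllowBucketLevelActions", "Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": "arn:aws:s3:::bucketavi294"},
        {"Sid": "AllowListAllBuckets", "Effect": "Allow",
         "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    ],
}

# Actions IAM evaluates only against Resource "*" (assumed list; extend as needed).
ACCOUNT_LEVEL_ACTIONS = {"s3:ListAllMyBuckets"}


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def out_of_scope_grants(policy, bucket):
    """Return (Sid, action, resource) triples for Allow statements that reach
    beyond `bucket` and its objects. An empty list means the policy is scoped."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # NotAction/NotResource invert the match and silently widen the grant.
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "NotAction/NotResource", "inverted match"))
            continue
        for resource in _as_list(stmt.get("Resource")):
            if resource == bucket_arn or resource.startswith(bucket_arn + "/"):
                continue  # bucket itself or its objects: in scope
            for action in _as_list(stmt.get("Action")):
                if resource == "*" and action in ACCOUNT_LEVEL_ACTIONS:
                    continue  # the one legitimate use of "*" in this policy
                findings.append((sid, action, resource))
    return findings


if __name__ == "__main__":
    print(json.dumps(out_of_scope_grants(POLICY, "bucketavi294")))  # prints []
```

Run the same check against a policy whose object statement was widened to `Resource: "*"` and the `s3:*` grant is reported immediately.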

Note: If you want a permanent solution, attach the role directly to the instance rather than running `aws configure` with long-lived access keys; the role supplies temporary credentials to the instance, so nothing static has to be stored on it.

Thanks for reading!