AWS S3 security considerations
When using AWS, follow the instructions in Security Best Practices in IAM
Permit the following actions for both the bucket and all objects:
Permitted actions
s3:PutObject
s3:GetObject
s3:ListBucketByTags
s3:ListBucketVersions
s3:ListBucket
s3:DeleteObject
s3:GetBucketLocation
Permit the following actions for the bucket:
Permitted actions
s3:HeadBucket
The following is an example of a JSON policy:
1
{
2
"Action": [
3
"s3:PutObject",
4
"s3:GetObject",
5
"s3:ListBucketVersions",
6
"s3:ListBucket",
7
"s3:DeleteObject",
8
"s3:GetBucketLocation"
9
],
10
"Resource": [
11
"arn:aws:s3:::",
12
"arn:aws:s3:::/model9/*",
13
"arn:aws:s3:::/agents/*"
14
],
15
"Sid": "ObjectAccess",
16
"Effect": "Allow"
17
},
18
{
19
"Action": "s3:HeadBucket",
20
"Resource": "*",
21
"Sid": "BucketAccess",
22
"Effect": "Allow"
23
}
Copied!
Export as PDF
Copy link