AWS S3 security considerations
Permit the following actions for both the bucket and all objects:
Permitted actions |
s3:PutObject |
s3:GetObject |
s3:ListBucketByTags |
s3:ListBucketVersions |
s3:ListBucket |
s3:DeleteObject |
s3:GetBucketLocation |
Permit the following actions for the bucket:
Permitted actions |
s3:HeadBucket |
The following is an example of a JSON policy:
{
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::",
"arn:aws:s3:::/model9/*",
"arn:aws:s3:::/agents/*"
],
"Sid": "ObjectAccess",
"Effect": "Allow"
},
{
"Action": "s3:HeadBucket",
"Resource": "*",
"Sid": "BucketAccess",
"Effect": "Allow"
}