Links

AWS S3 security considerations

When using AWS, follow the instructions in Security Best Practices in IAM
Permit the following actions for both the bucket and all objects:
Permitted actions
s3:PutObject
s3:GetObject
s3:ListBucketByTags
s3:ListBucketVersions
s3:ListBucket
s3:DeleteObject
s3:GetBucketLocation
Permit the following actions for the bucket:
Permitted actions
s3:HeadBucket
The following is an example of a JSON policy:
{
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::",
"arn:aws:s3:::/model9/*",
"arn:aws:s3:::/agents/*"
],
"Sid": "ObjectAccess",
"Effect": "Allow"
},
{
"Action": "s3:HeadBucket",
"Resource": "*",
"Sid": "BucketAccess",
"Effect": "Allow"
}