AWS S3 security considerations

When using AWS, follow the instructions in Security Best Practices in IAM​
Permit the following actions for both the bucket and all objects:
Permitted actions
s3:PutObject
s3:GetObject
s3:ListBucketByTags
s3:ListBucketVersions
s3:ListBucket
s3:DeleteObject
s3:GetBucketLocation
Permit the following actions for the bucket:
Permitted actions
s3:HeadBucket
The following is an example of a JSON policy:
{
"Action": [
    "s3:PutObject",
    "s3:GetObject",
    "s3:ListBucketVersions",
    "s3:ListBucket",
    "s3:DeleteObject",
    "s3:GetBucketLocation"
],
"Resource": [
    "arn:aws:s3:::",
    "arn:aws:s3:::/model9/*",
    "arn:aws:s3:::/agents/*"
],
"Sid": "ObjectAccess",
"Effect": "Allow"
},
{
    "Action": "s3:HeadBucket",
    "Resource": "*",
    "Sid": "BucketAccess",
    "Effect": "Allow"
} 
Last modified 4mo ago