Read Only IAM policy for AWS S3

AWS S3 Readonly IAM Policy

Had a little difficulty getting the right setting to restrict access to read only on several folders in an AWS S3 bucket.

Here is the eventually policy that worked for me:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::nas-backup",
"Condition": {}
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl"
],
"Resource": [
"arn:aws:s3:::nas-backup/development/*",
"arn:aws:s3:::nas-backup/it/*",
"arn:aws:s3:::nas-backup/aria/*",
"arn:aws:s3:::nas-backup/cto/*",
"arn:aws:s3:::nas-backup/documentation/*",
"arn:aws:s3:::nas-backup/support/*",
"arn:aws:s3:::nas-backup/customer/*",
"arn:aws:s3:::nas-backup/verification/*"
],
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*",
"Condition": {}
}
]
}

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.