ドキュメント

How To Grant Access To Only One S3 Bucket Using AWS IAM Policy

This guide gives an overview on how to restrict an IAM user’s access to a single S3 bucket.

1. Go to http://aws.amazon.com.

2. Click on “My Account/Console” and select “Security Credentials”.

   

3. Select “Continue to Security Credentials”.

   

4. Select “Policies” on the left menu, then click “Create Policy”.

   

5. Select “Create Your Own Policy”.

   

6. Fill out the “Policy Name”, “Description” and “Policy Document” fields.
   Replace “YOUR-BUCKET” in the example below with your bucket name.
   
   Note: The "s3:ListAllMyBuckets"is used to list all buckets owned by you, so that tools that list buckets will work.
   The "s3:GetBucketLocation"is needed so that ObjectiveFS can select the right S3 endpoint to talk with.

   Example policy:

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Action": [
                   "s3:GetBucketLocation",
                   "s3:ListAllMyBuckets"
               ],
               "Resource": "arn:aws:s3:::*"
           },
           {
               "Effect": "Allow",
               "Action": "s3:*",
               "Resource": [
                   "arn:aws:s3:::YOUR-BUCKET",
                   "arn:aws:s3:::YOUR_BUCKET/*"
               ]
           }
       ]
   }

   

7. Your new policy is created after you click “Create Policy”.

   

8. Select “Groups” on the left hand menu bar, and click on “Create New Group”.

   

9. Enter a group name, e.g. S3OneFS.

   

10. Search for the policy name that you just created, e.g. single-bucket-access-and-all-buckets-list

    

11. Next, select “Create Group”.

    

12. Select the group that you just created, e.g. S3OneFS, and click “Group Actions”. Select “Add Users to Group”.

    

13. Then, select your user, e.g. ObjectiveFS, and click “Add Users”.

    

14. You can now use your “Access Key ID” and “Secret Access Key” to run ObjectiveFS restricted to a single bucket.

Your disk cache directory on the local instance store is now ready. See Disk Cache User Guide for configuration details. Please also remember to configure the disk cache to mount on boot.

by ObjectiveFS staff, July 28, 2015
ObjectiveFS is a shared file system for OS X and Linux that automatically scales and gives you scalable cloud storage. If you have questions or article idea suggestions, please email us at お問い合わせはこちら

Related articles: