
How To Grant Access To Only One S3 Bucket Using AWS IAM Policy

This guide gives an overview of how to restrict an IAM user’s access to a single S3 bucket.

  1. Go to http://aws.amazon.com.
  2. Click on “My Account/Console” and select “Security Credentials”.


  3. Select “Continue to Security Credentials”.


  4. Select “Policies” on the left menu, then click “Create Policy”.


  5. Select “Create Your Own Policy”.


  6. Fill out the “Policy Name”, “Description” and “Policy Document” fields.
    Replace “YOUR-BUCKET” in the example below with your bucket name.

    Note: The "s3:ListAllMyBuckets" action is used to list all buckets owned by you, so that tools that list buckets will work.
    The "s3:GetBucketLocation" action is needed so that ObjectiveFS can select the right S3 endpoint to talk with.

    Example policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetBucketLocation",
                    "s3:ListAllMyBuckets"
                ],
                "Resource": "arn:aws:s3:::*"
            },
            {
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::YOUR-BUCKET",
                    "arn:aws:s3:::YOUR-BUCKET/*"
                ]
            }
        ]
    }


  7. Your new policy is created after you click “Create Policy”.


  8. Select “Groups” on the left hand menu bar, and click on “Create New Group”.


  9. Enter a group name, e.g. S3OneFS.


  10. Search for the policy name that you just created, e.g. single-bucket-access-and-all-buckets-list


  11. Next, select “Create Group”.


  12. Select the group that you just created, e.g. S3OneFS, and click “Group Actions”. Select “Add Users to Group”.


  13. Then, select your user, e.g. ObjectiveFS, and click “Add Users”.


  14. You can now use your “Access Key ID” and “Secret Access Key” to run ObjectiveFS restricted to a single bucket.
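
An added example, not part of the original guide or ObjectiveFS's own code: a small Python check to run on the policy document from step 6 before saving it, confirming that everything beyond the two account-wide actions is limited to the one bucket and its objects. The function names and the `example-fs-bucket` sample policies are constructed for illustration.

```python
import json

# Actions the guide intentionally allows on every bucket (lower-cased:
# IAM action names are case-insensitive).
ACCOUNT_WIDE_OK = {"s3:getbucketlocation", "s3:listallmybuckets"}

def as_list(value):
    """IAM accepts a single string or a list for Action/Resource/Statement."""
    return list(value) if isinstance(value, list) else [value]

def check_single_bucket_policy(policy_json, bucket):
    """Return findings; an empty list means access is limited to `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    wanted = {bucket_arn, f"{bucket_arn}/*"}  # bucket-level and object-level ARNs
    findings, granted = [], set()
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource needs manual review")
            continue
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        extra = sorted(actions - ACCOUNT_WIDE_OK)
        for resource in as_list(stmt.get("Resource", [])):
            if resource in wanted:
                granted.add(resource)
            elif extra:  # anything broader than the two list/location actions
                findings.append(f"statement {i}: {extra} allowed on {resource}")
    for arn in sorted(wanted - granted):
        findings.append(f"no statement grants access to {arn}")
    return findings

def sample_policy(bucket_arn, object_arn):
    """Constructed sample following the guide's two-statement layout."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
         "Resource": "arn:aws:s3:::*"},
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": [bucket_arn, object_arn]}]})

if __name__ == "__main__":
    base = "arn:aws:s3:::example-fs-bucket"
    print(check_single_bucket_policy(sample_policy(base, base + "/*"), "example-fs-bucket"))
    # Constructed mistake: bucket name replaced in one ARN but not the other.
    mistyped = sample_policy(base, "arn:aws:s3:::example_fs_bucket/*")
    for finding in check_single_bucket_policy(mistyped, "example-fs-bucket"):
        print(finding)
```

The check compares ARNs literally and does not evaluate conditions or expand wildcard patterns, so a wildcard bucket pattern carrying broader actions is reported rather than resolved.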

Your disk cache directory on the local instance store is now ready. See Disk Cache User Guide for configuration details. Please also remember to configure the disk cache to mount on boot.

by ObjectiveFS staff, July 28, 2015
ObjectiveFS is a shared file system for OS X and Linux that automatically scales and gives you scalable cloud storage. If you have questions or article idea suggestions, please email us (contact us here).
