FreeKB - Amazon Web Services (AWS) - Add Policy to an S3 Bucket using AWS CLI


This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.

An S3 Bucket is similar to an NFS share in that it is a mountable storage volume.

A policy grants certain permissions to certain resources. For example, one such policy would be to allow an Elastic Load Balancer to write logs to the S3 Bucket.

A JSON file contains the policy that will be added. In this example, the Policy will allow an Application Load Balancer to write logs to the S3 Bucket.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:root"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket-abcdefg/my-application-load-balancer-logs/AWSLogs/123456789012/*"
    }
  ]
}

The aws s3api put-bucket-policy command can be used to attach the policy to the S3 Bucket.

aws s3api put-bucket-policy --bucket my-bucket-abcdefg --policy file://policy.json

And then the aws s3api get-bucket-policy command can be used to confirm that the policy has been attached to the S3 Bucket.

$ aws s3api get-bucket-policy --bucket my-bucket-abcdefg
{
    "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:root\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::my-bucket-abcdefg/my-application-load-balancer-logs/AWSLogs/123456789012/*\"}]}"
}
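
A check that can be run on the get-bucket-policy output above, as an added example that is not part of the original article: it decodes the string-encoded "Policy" value and lists Allow statements with a wildcard principal, a wildcard action, or a whole-bucket resource. The function names and BROAD_POLICY are hypothetical and constructed for illustration.

```python
import json

# get-bucket-policy output from this page; "Policy" is JSON encoded as a string.
CLI_OUTPUT = r'''{
    "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:root\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::my-bucket-abcdefg/my-application-load-balancer-logs/AWSLogs/123456789012/*\"}]}"
}'''

# Constructed for comparison: any principal, every S3 action, whole bucket.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": {  # a single statement object is valid, not only a list
        "Sid": "Example",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::my-bucket-abcdefg/*",
    },
}

def decode_policy(cli_output):
    """Return the bucket policy as a dict from get-bucket-policy output."""
    return json.loads(json.loads(cli_output)["Policy"])

def as_list(value):
    """Policy fields may hold one value or a list of values."""
    return value if isinstance(value, list) else [value]

def broad_grants(policy, bucket):
    """List Allow statements that grant more than a prefix-scoped action."""
    findings = []
    root = f"arn:aws:s3:::{bucket}"
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        principal = stmt.get("Principal", {})
        who = [principal] if isinstance(principal, str) else as_list(principal.get("AWS", []))
        if "*" in who:
            findings.append(f"{sid}: any principal")
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
        for res in as_list(stmt.get("Resource", [])):
            if res in ("*", root, root + "/*"):
                findings.append(f"{sid}: whole-bucket resource {res}")
    return findings

if __name__ == "__main__":
    print(broad_grants(BROAD_POLICY, "my-bucket-abcdefg"))
```

The policy returned on this page produces no findings, because it allows only s3:PutObject under the load balancer log prefix.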
