
This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.
An S3 Bucket is similar to an NFS share in that it is a mountable storage volume.
A policy grants certain permissions to certain resources. For example, one such policy would be to allow an Elastic Load Balancer to write logs to the S3 Bucket.
A JSON file contains the policy that will be added. In this example, the Policy will allow an Application Load Balancer to write logs to the S3 Bucket.
{
"Id": "Policy9876543210987",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt9876543210987",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::my-bucket-abcdefg",
"Principal": {
"AWS": [
"arn:aws:iam::123456789012:user/johndoe"
]
}
}
]
}
The aws s3api put-bucket-policy command can be used to attach the policy to the S3 Bucket.
aws s3api put-bucket-policy --bucket my-bucket-abcdefg --policy file://policy.json
And then the aws s3api get-bucket-policy command can be used to confirm that the policy has been attached to the S3 Bucket.
]$ aws s3api get-bucket-policy --bucket my-bucket-abcdefg
{
"Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:root\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::my-bucket-abcdefg/my-application-load-balancer-logs/AWSLogs/123456789012/*\"}]}"
}
Did you find this article helpful?
If so, consider buying me a coffee over at