From d1cfe0c978223c461287d676a79c9e8aea959f0d Mon Sep 17 00:00:00 2001
From: fyears <1142836+fyears@users.noreply.github.com>
Date: Fri, 5 Jan 2024 22:24:37 +0800
Subject: [PATCH] list all the actions i could think of
---
 docs/s3_user_policy.md | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/docs/s3_user_policy.md b/docs/s3_user_policy.md
index fa1c0d5..a1507e2 100644
--- a/docs/s3_user_policy.md
+++ b/docs/s3_user_policy.md
@@ -1,5 +1,17 @@
 # AWS S3 Bucket: How to configure user's policy
+## Attention
+
+Please read the doc carefully and adjust the optional fields accordingly. The doc is not fully tested and contributions are welcome.
+
+## AWS Official Docs
+
+*
+*
+*
+
+## Prerequisites
+
 Using the principle of least privilege is crucial for security when allowing a third party system to access your AWS resources.
 **Prerequisites**: Ensure you have an AWS account and administrative access to manage IAM policies.
@@ -20,7 +32,7 @@ Using the principle of least privilege is crucial for security when allowing a t
 "Sid": "ObsidianBucket",
 "Effect": "Allow",
 "Action": [
- "s3:ListBucket"
+ "s3:HeadBucket"
 ],
 "Resource": "arn:aws:s3:::my-bucket"
 },
@@ -28,9 +40,21 @@ Using the principle of least privilege is crucial for security when allowing a t
 "Sid": "ObsidianObjects",
 "Effect": "Allow",
 "Action": [
+ "s3:HeadObject",
 "s3:PutObject",
+ "s3:CopyObject",
+ "s3:UploadPart",
+ "s3:UploadPartCopy",
+ "s3:ListMultipartUploads",
+ "s3:AbortMultipartUpload",
+ "s3:CompleteMultipartUpload",
+ "s3:ListObjects",
+ "s3:ListObjectsV2",
+ "s3:ListParts",
 "s3:GetObject",
- "s3:DeleteObject"
+ "s3:GetObjectAttributes",
+ "s3:DeleteObject",
+ "s3:DeleteObjects"
 ],
 "Resource": "arn:aws:s3:::my-bucket/*"
 }
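Review bot: `s3:HeadBucket` in the ObsidianBucket statement is not an IAM action name, so swapping it in for `s3:ListBucket` leaves that statement granting nothing; HeadBucket, ListObjects and ListObjectsV2 are all authorized by `s3:ListBucket`, so the line should stay `"s3:ListBucket"`. The ObsidianObjects hunk has the same problem: `s3:HeadObject`, `s3:CopyObject`, `s3:UploadPart`, `s3:UploadPartCopy`, `s3:CompleteMultipartUpload`, `s3:ListMultipartUploads`, `s3:ListObjects`, `s3:ListObjectsV2`, `s3:ListParts` and `s3:DeleteObjects` are S3 API operation names rather than IAM actions, and the operations they stand for are authorized by `s3:GetObject`, `s3:PutObject` and `s3:DeleteObject`, plus `s3:ListBucketMultipartUploads` (evaluated against the bucket ARN) and `s3:ListMultipartUploadParts` for listing in-progress multipart uploads and their parts. As far as I know IAM only warns about unrecognized action names and still saves the policy, so a reader who copies this gets AccessDenied at runtime, which is the very symptom the Troubleshooting section attributes to typos. `s3:GetObjectAttributes` and `s3:AbortMultipartUpload` are real and worth keeping; the corrected statements below stay within least privilege because none of the unrecognized names granted anything.
```json
{
  "Sid": "ObsidianBucket",
  "Effect": "Allow",
  "Action": [
    "s3:ListBucket",
    "s3:ListBucketMultipartUploads"
  ],
  "Resource": "arn:aws:s3:::my-bucket"
},
{
  "Sid": "ObsidianObjects",
  "Effect": "Allow",
  "Action": [
    "s3:PutObject",
    "s3:GetObject",
    "s3:GetObjectAttributes",
    "s3:DeleteObject",
    "s3:AbortMultipartUpload",
    "s3:ListMultipartUploadParts"
  ],
  "Resource": "arn:aws:s3:::my-bucket/*"
}
```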
@@ -55,4 +79,4 @@ After attaching the policy, test it by trying to access the S3 bucket through th
 ## Troubleshooting
-If you encounter permission errors, check the policy for typos in the bucket name or actions. Ensure the policy is attached to the correct user.
\ No newline at end of file
+If you encounter permission errors, check the policy for typos in the bucket name or actions. Ensure the policy is attached to the correct user.