LoginSignup
11
13

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

@hash(t hash)

S3の特定bucketのみアクセス可能にする(他のbucketも見せない)Policy設定

Posted at

hoge.fuga.comというドメインをホスティングする,
hoge.fuga.comという名前のbucketを作成しており,

hoge.fuga.com bucket内の読み書き」のみを許すIAMユーザを作成,で,どのようなPolicyを付与するのが正しいか.

  • S3サービスのみアクセス可能
  • 他のbucket一覧は見えないようにする

想定する使い方としてはCyberduckなどのアップローダーからファイルの上げ下げをしてもらう,という.

下記でうまくいったっぽい.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::hoge.fuga.com"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::hoge.fuga.com"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::hoge.fuga.com/*"
            ]
        }
    ]
}
````
11
13
1

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
11
13

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?